index.html

<!doctype html>
<html>
  <head>
      <!-- Global site tag (gtag.js) - Google Analytics -->
      <script async src="https://www.googletagmanager.com/gtag/js?id=UA-164014896-1"></script>
      <script>
          window.dataLayer = window.dataLayer || [];
          function gtag(){dataLayer.push(arguments);}
          gtag('js', new Date());

          gtag('config', 'UA-164014896-1');
      </script>

      <meta charset="utf-8">
    <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">

    <meta property="og:title"              content="CDR Register Design Reference" />
    <meta property="og:description"        content="The CDR Register Design Reference provides participants with design specifications defining how to interact with the CDR Register" />
    <meta property="og:image"              content="images/ACCC_Stacked_RGB_Positive.png" />

    <title>CDR Register Design Reference</title>

    <style>
      .highlight table td { padding: 5px; }
.highlight table pre { margin: 0; }
.highlight .gh {
  color: #999999;
}
.highlight .sr {
  color: #f6aa11;
}
.highlight .go {
  color: #888888;
}
.highlight .gp {
  color: #555555;
}
.highlight .gs {
}
.highlight .gu {
  color: #aaaaaa;
}
.highlight .nb {
  color: #f6aa11;
}
.highlight .cm {
  color: #75715e;
}
.highlight .cp {
  color: #75715e;
}
.highlight .c1 {
  color: #75715e;
}
.highlight .cs {
  color: #75715e;
}
.highlight .c, .highlight .cd {
  color: #75715e;
}
.highlight .err {
  color: #960050;
}
.highlight .gr {
  color: #960050;
}
.highlight .gt {
  color: #960050;
}
.highlight .gd {
  color: #49483e;
}
.highlight .gi {
  color: #49483e;
}
.highlight .ge {
  color: #49483e;
}
.highlight .kc {
  color: #66d9ef;
}
.highlight .kd {
  color: #66d9ef;
}
.highlight .kr {
  color: #66d9ef;
}
.highlight .no {
  color: #66d9ef;
}
.highlight .kt {
  color: #66d9ef;
}
.highlight .mf {
  color: #ae81ff;
}
.highlight .mh {
  color: #ae81ff;
}
.highlight .il {
  color: #ae81ff;
}
.highlight .mi {
  color: #ae81ff;
}
.highlight .mo {
  color: #ae81ff;
}
.highlight .m, .highlight .mb, .highlight .mx {
  color: #ae81ff;
}
.highlight .sc {
  color: #ae81ff;
}
.highlight .se {
  color: #ae81ff;
}
.highlight .ss {
  color: #ae81ff;
}
.highlight .sd {
  color: #e6db74;
}
.highlight .s2 {
  color: #e6db74;
}
.highlight .sb {
  color: #e6db74;
}
.highlight .sh {
  color: #e6db74;
}
.highlight .si {
  color: #e6db74;
}
.highlight .sx {
  color: #e6db74;
}
.highlight .s1 {
  color: #e6db74;
}
.highlight .s {
  color: #e6db74;
}
.highlight .na {
  color: #a6e22e;
}
.highlight .nc {
  color: #a6e22e;
}
.highlight .nd {
  color: #a6e22e;
}
.highlight .ne {
  color: #a6e22e;
}
.highlight .nf {
  color: #a6e22e;
}
.highlight .vc {
  color: #ffffff;
}
.highlight .nn {
  color: #ffffff;
}
.highlight .nl {
  color: #ffffff;
}
.highlight .ni {
  color: #ffffff;
}
.highlight .bp {
  color: #ffffff;
}
.highlight .vg {
  color: #ffffff;
}
.highlight .vi {
  color: #ffffff;
}
.highlight .nv {
  color: #ffffff;
}
.highlight .w {
  color: #ffffff;
}
.highlight {
  color: #ffffff;
}
.highlight .n, .highlight .py, .highlight .nx {
  color: #ffffff;
}
.highlight .ow {
  color: #f92672;
}
.highlight .nt {
  color: #f92672;
}
.highlight .k, .highlight .kv {
  color: #f92672;
}
.highlight .kn {
  color: #f92672;
}
.highlight .kp {
  color: #f92672;
}
.highlight .o {
  color: #f92672;
}
    </style>
    <link href="stylesheets/screen.css" rel="stylesheet" media="screen" />
    <link href="stylesheets/print.css" rel="stylesheet" media="print" />
      <script src="javascripts/all.js"></script>
    <link href="images/favicon.ico" rel="icon" type="image/ico" />
  </head>

  <body class="index" data-languages="[&quot;Examples&quot;]">
    <a href="#" id="nav-button">
      <span>
        NAV
        <img src="images/navbar.png" alt="Navbar" />
      </span>
    </a>
    <div class="toc-wrapper">
      <img src="images/ACCC_Stacked_RGB_Reverse.PNG" class="logo" alt="Accc stacked rgb reverse" />
      <div class="title">CDR Register Design Reference</div>
        <div class="lang-selector">
              <a href="#" data-language-name="Examples">Examples</a>
        </div>
        <div class="search">
          <input type="text" class="search" id="input-search" placeholder="Search">
        </div>
        <ul class="search-results"></ul>
      <ul id="toc" class="toc-list-h1">
          <li>
            <a href="#introduction" class="toc-h1 toc-link" data-title="Introduction">Introduction</a>
              <ul class="toc-list-h2">
                  <li>
                    <a href="#consumer-data-right" class="toc-h2 toc-link" data-title="Consumer Data Right">Consumer Data Right</a>
                  </li>
                  <li>
                    <a href="#accc-39-s-role" class="toc-h2 toc-link" data-title="ACCC's Role">ACCC's Role</a>
                  </li>
                  <li>
                    <a href="#data-standards-body" class="toc-h2 toc-link" data-title="Data Standards Body">Data Standards Body</a>
                  </li>
                  <li>
                    <a href="#future-dated-obligations" class="toc-h2 toc-link" data-title="Future Dated Obligations">Future Dated Obligations</a>
                  </li>
              </ul>
          </li>
          <li>
            <a href="#consultation-outline" class="toc-h1 toc-link" data-title="Consultation outline">Consultation outline</a>
              <ul class="toc-list-h2">
                  <li>
                    <a href="#consultation-rules-of-engagement" class="toc-h2 toc-link" data-title="Consultation rules of engagement">Consultation rules of engagement</a>
                  </li>
                  <li>
                    <a href="#feedback-sought" class="toc-h2 toc-link" data-title="Feedback sought">Feedback sought</a>
                  </li>
              </ul>
          </li>
          <li>
            <a href="#consumer-data-right-register" class="toc-h1 toc-link" data-title="Consumer Data Right Register">Consumer Data Right Register</a>
              <ul class="toc-list-h2">
                  <li>
                    <a href="#ecosystem-entities" class="toc-h2 toc-link" data-title="Ecosystem Entities">Ecosystem Entities</a>
                  </li>
                  <li>
                    <a href="#participant-brands" class="toc-h2 toc-link" data-title="Participant Brands">Participant Brands</a>
                  </li>
                  <li>
                    <a href="#ecosystem-component-diagram" class="toc-h2 toc-link" data-title="Ecosystem Component Diagram">Ecosystem Component Diagram</a>
                  </li>
                  <li>
                    <a href="#data-holder-2" class="toc-h2 toc-link" data-title="Data Holder">Data Holder</a>
                  </li>
                  <li>
                    <a href="#accredited-data-recipient-2" class="toc-h2 toc-link" data-title="Accredited Data Recipient">Accredited Data Recipient</a>
                  </li>
                  <li>
                    <a href="#register" class="toc-h2 toc-link" data-title="Register">Register</a>
                  </li>
                  <li>
                    <a href="#certificate-authority" class="toc-h2 toc-link" data-title="Certificate Authority">Certificate Authority</a>
                  </li>
              </ul>
          </li>
          <li>
            <a href="#intermediaries" class="toc-h1 toc-link" data-title="Intermediaries">Intermediaries</a>
              <ul class="toc-list-h2">
                  <li>
                    <a href="#collection-arrangements" class="toc-h2 toc-link" data-title="Collection Arrangements">Collection Arrangements</a>
                  </li>
              </ul>
          </li>
          <li>
            <a href="#client-registration" class="toc-h1 toc-link" data-title="Client Registration">Client Registration</a>
              <ul class="toc-list-h2">
                  <li>
                    <a href="#dynamic-client-registration" class="toc-h2 toc-link" data-title="Dynamic Client Registration">Dynamic Client Registration</a>
                  </li>
                  <li>
                    <a href="#registration-request-using-jwt" class="toc-h2 toc-link" data-title="Registration Request using JWT">Registration Request using JWT</a>
                  </li>
                  <li>
                    <a href="#registration-validation" class="toc-h2 toc-link" data-title="Registration Validation">Registration Validation</a>
                  </li>
                  <li>
                    <a href="#registration-response" class="toc-h2 toc-link" data-title="Registration Response">Registration Response</a>
                  </li>
                  <li>
                    <a href="#registration-errors" class="toc-h2 toc-link" data-title="Registration Errors">Registration Errors</a>
                  </li>
                  <li>
                    <a href="#client-registration-management" class="toc-h2 toc-link" data-title="Client Registration Management">Client Registration Management</a>
                  </li>
                  <li>
                    <a href="#authorisation-server" class="toc-h2 toc-link" data-title="Authorisation Server">Authorisation Server</a>
                  </li>
                  <li>
                    <a href="#registration-flows" class="toc-h2 toc-link" data-title="Registration Flows">Registration Flows</a>
                  </li>
              </ul>
          </li>
          <li>
            <a href="#participant-statuses" class="toc-h1 toc-link" data-title="Participant Statuses">Participant Statuses</a>
              <ul class="toc-list-h2">
                  <li>
                    <a href="#accredited-data-recipient-and-software-product-statuses" class="toc-h2 toc-link" data-title="Accredited Data Recipient and Software Product Statuses">Accredited Data Recipient and Software Product Statuses</a>
                  </li>
                  <li>
                    <a href="#data-holder-responsibilities" class="toc-h2 toc-link" data-title="Data Holder Responsibilities">Data Holder Responsibilities</a>
                  </li>
                  <li>
                    <a href="#metadata-cache-management" class="toc-h2 toc-link" data-title="Metadata Cache Management">Metadata Cache Management</a>
                  </li>
                  <li>
                    <a href="#etag-support" class="toc-h2 toc-link" data-title="ETag Support">ETag Support</a>
                  </li>
                  <li>
                    <a href="#checking-request-validity" class="toc-h2 toc-link" data-title="Checking Request Validity">Checking Request Validity</a>
                  </li>
                  <li>
                    <a href="#status-changes" class="toc-h2 toc-link" data-title="Status Changes">Status Changes</a>
                  </li>
                  <li>
                    <a href="#cache-refresh-metadata-request" class="toc-h2 toc-link" data-title="Cache Refresh Metadata Request">Cache Refresh Metadata Request</a>
                  </li>
                  <li>
                    <a href="#refusal-to-disclose" class="toc-h2 toc-link" data-title="Refusal To Disclose">Refusal To Disclose</a>
                  </li>
              </ul>
          </li>
          <li>
            <a href="#security-profile" class="toc-h1 toc-link" data-title="Security Profile">Security Profile</a>
              <ul class="toc-list-h2">
                  <li>
                    <a href="#overview" class="toc-h2 toc-link" data-title="Overview">Overview</a>
                  </li>
                  <li>
                    <a href="#register-endpoints" class="toc-h2 toc-link" data-title="Register Endpoints">Register Endpoints</a>
                  </li>
                  <li>
                    <a href="#client-authentication" class="toc-h2 toc-link" data-title="Client Authentication">Client Authentication</a>
                  </li>
                  <li>
                    <a href="#transaction-security" class="toc-h2 toc-link" data-title="Transaction Security">Transaction Security</a>
                  </li>
                  <li>
                    <a href="#participant-endpoints" class="toc-h2 toc-link" data-title="Participant Endpoints">Participant Endpoints</a>
                  </li>
                  <li>
                    <a href="#jwks-cache-management" class="toc-h2 toc-link" data-title="JWKS Cache Management">JWKS Cache Management</a>
                  </li>
                  <li>
                    <a href="#certificate-management" class="toc-h2 toc-link" data-title="Certificate Management">Certificate Management</a>
                  </li>
              </ul>
          </li>
          <li>
            <a href="#availability" class="toc-h1 toc-link" data-title="Availability">Availability</a>
              <ul class="toc-list-h2">
                  <li>
                    <a href="#cdn-hosted-endpoints" class="toc-h2 toc-link" data-title="CDN Hosted Endpoints">CDN Hosted Endpoints</a>
                  </li>
                  <li>
                    <a href="#cdr-register-unavailable" class="toc-h2 toc-link" data-title="CDR Register Unavailable">CDR Register Unavailable</a>
                  </li>
                  <li>
                    <a href="#certificate-authority-unavailable" class="toc-h2 toc-link" data-title="Certificate Authority Unavailable">Certificate Authority Unavailable</a>
                  </li>
                  <li>
                    <a href="#data-recipient-unavailable" class="toc-h2 toc-link" data-title="Data Recipient Unavailable">Data Recipient Unavailable</a>
                  </li>
                  <li>
                    <a href="#data-holder-unavailable" class="toc-h2 toc-link" data-title="Data Holder Unavailable">Data Holder Unavailable</a>
                  </li>
                  <li>
                    <a href="#backoff-patterns" class="toc-h2 toc-link" data-title="Backoff Patterns">Backoff Patterns</a>
                  </li>
              </ul>
          </li>
          <li>
            <a href="#versioning" class="toc-h1 toc-link" data-title="Versioning">Versioning</a>
          </li>
          <li>
            <a href="#consumer-data-right-cdr-register-apis" class="toc-h1 toc-link" data-title="Register APIs">Register APIs</a>
              <ul class="toc-list-h2">
                  <li>
                    <a href="#base-urls" class="toc-h2 toc-link" data-title="Base URLs:">Base URLs:</a>
                  </li>
                  <li>
                    <a href="#getopenidproviderconfig" class="toc-h2 toc-link" data-title="GetOpenIdProviderConfig">GetOpenIdProviderConfig</a>
                  </li>
                  <li>
                    <a href="#getjwks" class="toc-h2 toc-link" data-title="GetJWKS">GetJWKS</a>
                  </li>
                  <li>
                    <a href="#getdataholderbrands" class="toc-h2 toc-link" data-title="GetDataHolderBrands">GetDataHolderBrands</a>
                  </li>
                  <li>
                    <a href="#getsoftwarestatementassertion-ssa" class="toc-h2 toc-link" data-title="GetSoftwareStatementAssertion (SSA)">GetSoftwareStatementAssertion (SSA)</a>
                  </li>
                  <li>
                    <a href="#getsoftwareproductsstatus" class="toc-h2 toc-link" data-title="GetSoftwareProductsStatus">GetSoftwareProductsStatus</a>
                  </li>
                  <li>
                    <a href="#getdatarecipientsstatus" class="toc-h2 toc-link" data-title="GetDataRecipientsStatus">GetDataRecipientsStatus</a>
                  </li>
                  <li>
                    <a href="#getdatarecipients" class="toc-h2 toc-link" data-title="GetDataRecipients">GetDataRecipients</a>
                  </li>
              </ul>
          </li>
          <li>
            <a href="#schemas" class="toc-h1 toc-link" data-title="Schemas">Schemas</a>
              <ul class="toc-list-h2">
                  <li>
                    <a href="#tocSresponseopenidproviderconfigmetadata" class="toc-h2 toc-link" data-title="ResponseOpenIDProviderConfigMetadata">ResponseOpenIDProviderConfigMetadata</a>
                  </li>
                  <li>
                    <a href="#tocSresponsejwks" class="toc-h2 toc-link" data-title="ResponseJWKS">ResponseJWKS</a>
                  </li>
                  <li>
                    <a href="#tocSjwk" class="toc-h2 toc-link" data-title="JWK">JWK</a>
                  </li>
                  <li>
                    <a href="#tocSresponseregisterdataholderbrandlist" class="toc-h2 toc-link" data-title="ResponseRegisterDataHolderBrandList">ResponseRegisterDataHolderBrandList</a>
                  </li>
                  <li>
                    <a href="#tocSregisterdataholderbrand" class="toc-h2 toc-link" data-title="RegisterDataHolderBrand">RegisterDataHolderBrand</a>
                  </li>
                  <li>
                    <a href="#tocSsoftwareproductsstatuslist" class="toc-h2 toc-link" data-title="SoftwareProductsStatusList">SoftwareProductsStatusList</a>
                  </li>
                  <li>
                    <a href="#tocSsoftwareproductstatus" class="toc-h2 toc-link" data-title="SoftwareProductStatus">SoftwareProductStatus</a>
                  </li>
                  <li>
                    <a href="#tocSdatarecipientsstatuslist" class="toc-h2 toc-link" data-title="DataRecipientsStatusList">DataRecipientsStatusList</a>
                  </li>
                  <li>
                    <a href="#tocSdatarecipientstatus" class="toc-h2 toc-link" data-title="DataRecipientStatus">DataRecipientStatus</a>
                  </li>
                  <li>
                    <a href="#tocSresponseregisterdatarecipientlist" class="toc-h2 toc-link" data-title="ResponseRegisterDataRecipientList">ResponseRegisterDataRecipientList</a>
                  </li>
                  <li>
                    <a href="#tocSregisterdatarecipient" class="toc-h2 toc-link" data-title="RegisterDataRecipient">RegisterDataRecipient</a>
                  </li>
                  <li>
                    <a href="#tocSdatarecipientbrandmetadata" class="toc-h2 toc-link" data-title="DataRecipientBrandMetaData">DataRecipientBrandMetaData</a>
                  </li>
                  <li>
                    <a href="#tocSsoftwareproductmetadata" class="toc-h2 toc-link" data-title="SoftwareProductMetaData">SoftwareProductMetaData</a>
                  </li>
                  <li>
                    <a href="#tocSlegalentitydetail" class="toc-h2 toc-link" data-title="LegalEntityDetail">LegalEntityDetail</a>
                  </li>
                  <li>
                    <a href="#tocSregisterdataholderbrandserviceendpoint" class="toc-h2 toc-link" data-title="RegisterDataHolderBrandServiceEndpoint">RegisterDataHolderBrandServiceEndpoint</a>
                  </li>
                  <li>
                    <a href="#tocSregisterdataholderauth" class="toc-h2 toc-link" data-title="RegisterDataHolderAuth">RegisterDataHolderAuth</a>
                  </li>
                  <li>
                    <a href="#tocSlinkspaginated" class="toc-h2 toc-link" data-title="LinksPaginated">LinksPaginated</a>
                  </li>
                  <li>
                    <a href="#tocSmetapaginated" class="toc-h2 toc-link" data-title="MetaPaginated">MetaPaginated</a>
                  </li>
                  <li>
                    <a href="#tocSresponseerrorlist" class="toc-h2 toc-link" data-title="ResponseErrorList">ResponseErrorList</a>
                  </li>
                  <li>
                    <a href="#tocSerror" class="toc-h2 toc-link" data-title="Error">Error</a>
                  </li>
              </ul>
          </li>
          <li>
            <a href="#dcr-api" class="toc-h1 toc-link" data-title="DCR API">DCR API</a>
              <ul class="toc-list-h2">
                  <li>
                    <a href="#register-a-client-using-a-cdr-register-issued-software-statement-assertion" class="toc-h2 toc-link" data-title="Register a client using a CDR Register issued Software Statement Assertion">Register a client using a CDR Register issued Software Statement Assertion</a>
                  </li>
                  <li>
                    <a href="#get-a-client-registration-for-a-given-client-id" class="toc-h2 toc-link" data-title="Get a Client Registration for a given Client ID">Get a Client Registration for a given Client ID</a>
                  </li>
                  <li>
                    <a href="#update-a-client-registration-for-a-given-client-id" class="toc-h2 toc-link" data-title="Update a Client Registration for a given Client ID">Update a Client Registration for a given Client ID</a>
                  </li>
                  <li>
                    <a href="#delete-a-client-registration-for-a-given-client-id" class="toc-h2 toc-link" data-title="Delete a Client Registration for a given Client ID">Delete a Client Registration for a given Client ID</a>
                  </li>
                  <li>
                    <a href="#schemas" class="toc-h2 toc-link" data-title="Schemas">Schemas</a>
                  </li>
                  <li>
                    <a href="#tocSregistrationproperties" class="toc-h2 toc-link" data-title="RegistrationProperties">RegistrationProperties</a>
                  </li>
                  <li>
                    <a href="#tocSclientregistration" class="toc-h2 toc-link" data-title="ClientRegistration">ClientRegistration</a>
                  </li>
                  <li>
                    <a href="#tocSregistrationerror" class="toc-h2 toc-link" data-title="RegistrationError">RegistrationError</a>
                  </li>
              </ul>
          </li>
          <li>
            <a href="#change-log" class="toc-h1 toc-link" data-title="Change Log">Change Log</a>
          </li>
          <li>
            <a href="#archives" class="toc-h1 toc-link" data-title="Archives">Archives</a>
          </li>
      </ul>
        <ul class="toc-footer">
            <li><a href='https://github.com/cdr-register/register'>CDR Register on Github</a></li>
            <li><a href='https://consumerdatastandards.gov.au'>Consumer Data Standards</a></li>
            <li><a href='includes/swagger/swagger.json'>Swagger (JSON)</a></li>
            <li><a href='includes/swagger/swagger.yaml'>Swagger (YAML)</a></li>
        </ul>
        <ul class="toc-footer">
            <li class="version-footer">Version: 1.5.0</li>
        </ul>

    </div>
    <div class="page-wrapper">
      <div class="dark-box"></div>
      <div class="content">
          <aside class="warning permanent-banner">
            <span>This is the archived version </span>
            <span style="font-weight: bold;">1.5.0</span>
            <span> of the CDR Register Design and is retained for reference only.</span>
            <div class="aside-second-line">Please refer to the <a href="https://consumerdatastandardsaustralia.github.io/standards">Consumer Data Standards</a> where this design is now maintained </div>
          </aside>
        <h1 id='introduction'>Introduction</h1><h2 id='consumer-data-right'>Consumer Data Right</h2>
<p>The Australian Government is introducing a Consumer Data Right (CDR) to give consumers more control over their data.<br>
The CDR will be rolled out sector-by-sector across the economy, starting with the banking sector.<br>
The Government has announced that the energy and telecommunications sectors will follow banking.</p>

<p>Further information on the CDR is available on the Treasury website:<br>
<a href="https://treasury.gov.au/consumer-data-right">https://treasury.gov.au/consumer-data-right</a></p>
<h2 id='accc-39-s-role'>ACCC&#39;s Role</h2>
<p>The ACCC is the lead regulator for the CDR regime, and has roles and functions that include:</p>

<ul>
<li><p>accrediting entities to receive data;</p></li>
<li><p>managing an online register of accredited data recipients and data holders;</p></li>
<li><p>providing guidance on the CDR; and</p></li>
<li><p>compliance and enforcement activities.</p></li>
</ul>

<p>Further information on the ACCC’s role in the CDR is available on the ACCC’s website:<br>
<a href="https://www.accc.gov.au/focus-areas/consumer-data-right-cdr-0">https://www.accc.gov.au/focus-areas/consumer-data-right-cdr-0</a></p>
<h2 id='data-standards-body'>Data Standards Body</h2>
<p>A Data Standards Body (DSB) is responsible for assisting Mr Andrew Stevens, the Data Standards Chair, in the development of common technical standards to allow Australians to access data held about them by businesses and direct its safe transfer to others.  </p>

<p>Further information on the DSB is available on its website:<br>
<a href="https://consumerdatastandards.org.au">https://consumerdatastandards.org.au</a></p>
<h2 id='future-dated-obligations'>Future Dated Obligations</h2>
<p>The CDR Register design publishes content, explicitly specified, which will not take effect until a future date or may cease to have effect on some future date.
The table below highlights these areas of the standards.</p>

<table><thead>
<tr>
<th>Section</th>
<th>Description</th>
<th>Applicable Date</th>
</tr>
</thead><tbody>
<tr>
<td><a href="#dynamic-client-registration"><strong>Dynamic Client Registration</strong></a></td>
<td>Introduces the new metadata field <code>recipient_base_uri</code> used to facilitate the ADR <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">CDR Arrangement Management End Point</a>. This change deprecates the ADR <code>revocation_uri</code> field which becomes optional</td>
<td>November 2020</td>
</tr>
<tr>
<td><a href="#dynamic-client-registration"><strong>Dynamic Client Registration</strong></a></td>
<td><code>recipient_base_uri</code> becomes mandatory, <code>revocation_uri</code> field remains optional</td>
<td>February 2021</td>
</tr>
<tr>
<td><a href="#certificate-management"><strong>Certificate Management</strong></a></td>
<td>Introduces the ADR <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">CDR Arrangement Revocation End Point</a> which is secured with either a public or ACCC CA issued certificate</td>
<td>November 2020</td>
</tr>
<tr>
<td><a href="#getdatarecipients"><strong>GetDataRecipients</strong></a></td>
<td>Updates <code>GetDataRecipients</code> to include the accreditationNumber in the response</td>
<td>November 2020</td>
</tr>
<tr>
<td><a href="#dynamic-client-registration"><strong>Dynamic Client Registration</strong></a></td>
<td>Introduces the new optional metadata fields <code>sector_identifier_uri</code>, <code>legal_entity_id</code> and <code>legal_entity_name</code></td>
<td>July 2021</td>
</tr>
<tr>
<td><a href="#dynamic-client-registration"><strong>Dynamic Client Registration</strong></a></td>
<td>Corrects the new optional metadata fields <code>software_roles</code></td>
<td>July 2021</td>
</tr>
<tr>
<td><a href="#dynamic-client-registration"><strong>Dynamic Client Registration</strong></a></td>
<td>Updates the scopes field to include <code>openid</code> and <code>profile</code></td>
<td>July 2021</td>
</tr>
<tr>
<td><a href="#dynamic-client-registration"><strong>Dynamic Client Registration</strong></a></td>
<td>Changes <code>request_object_signing_alg</code> to required in the <a href="#tocSregistrationproperties">DCR API RegistrationProperties</a> schema</td>
<td>July 2021</td>
</tr>
</tbody></table>
<h1 id='consultation-outline'>Consultation outline</h1>
<p>The ACCC is using this website as a tool to consult on aspects of the design and implementation of the register of CDR participants (the CDR Register). The ACCC is seeking comments from interested stakeholders. </p>
<h2 id='consultation-rules-of-engagement'>Consultation rules of engagement</h2>
<p>The ACCC intends to conduct public consultation on the CDR Register. Questions or comments that participants might ask us via email or private message are likely to be questions or comments other participants have as well. Our answers will be of interest to everyone. There are likely to be experiences and lessons everybody working in this ecosystem can learn from. Having these conversations transparently helps reduce duplication, resolve issues faster and keep everyone up to date with the conversation.</p>

<p>We ask that all contributors to the CDR Register GitHub comply with the <a href="https://help.github.com/en/articles/github-community-forum-code-of-conduct">GitHub Community Forum Code of Conduct</a>.  </p>

<p>In addition, it would be appreciated if the following rules are adhered to when commenting or contributing:</p>

<ul>
<li>  For transparency, if you work at or are associated with an organisation with an interest in the Consumer Data Right, please indicate this in your response.</li>
<li>  Please ensure you are aware of and compliant with any social media guidelines or internal processes for response set by your organisation before providing feedback.</li>
</ul>

<p>The ACCC will be actively monitoring and reviewing any comments/responses which are provided, however will not be responding to individual comments. 
Depending on the number of responses/comments we get, we will assess what the most efficient and effective way to engage with the community is, noting that we want this to be a collaborative effort.</p>

<p><a href="https://github.com/cdr-register/register">CDR Register on GitHub</a></p>
<h2 id='feedback-sought'>Feedback sought</h2>
<p>To guide responses and comments, we are seeking input which will assist us in ensuring that the Register designs meets the needs of the overarching CDR ecosystem. The focus should be on validating the designs, and providing any necessary context and reasoning. </p>
<h1 id='consumer-data-right-register'>Consumer Data Right Register</h1>
<p>The ACCC will perform the role of the CDR Registrar. The CDR Registrar will have the function of maintaining the Register of Accredited Persons (the Register) who have been granted accreditation by the ACCC in its capacity as Data Recipient Accreditor. Accredited persons become Accredited Data Recipients upon receipt of CDR data.</p>

<p>The Register will also include information about Data Holders. Information about Accredited Data Recipients and Data Holders recorded in the Register will be made available to the public in accordance with the CDR rules. Additional information held in the Register will be available to accredited data recipients and data holders.</p>
<h2 id='ecosystem-entities'>Ecosystem Entities</h2><h3 id='cdr-consumer'>CDR consumer</h3>
<p>A consumer, as defined in the CDR rules, who is able to a make a request for disclosure of CDR data to themselves or to an accredited data recipient</p>
<h3 id='data-holder'>Data Holder</h3>
<p>A person who holds designated CDR data and is required by the CDR rules to disclose product and consumer data</p>
<h3 id='data-holder-brand'>Data Holder Brand</h3>
<p>An individual name that is used to collectively identify CDR data sets held by a Data Holder.  This will be aligned to, and may or may not be the same as a business name that is registered to the Legal Entity who is the Data Holder</p>

<p>Data Holders would typically have one or more brands within the Consumer Data Right</p>
<h3 id='accredited-data-recipient'>Accredited Data Recipient</h3>
<p>A person that has been granted accreditation by the ACCC and is able to collect, and receives, CDR data about a CDR consumer from a data holder with the consent of the consumer</p>
<h3 id='accredited-data-recipient-brand'>Accredited Data Recipient Brand</h3>
<p>An individual name that is used to collectively identify a set of products and/or services offered by an Accredited Data Recipient.  This will be aligned to, and may or may not be the same as a business name that is registered to the Legal Entity who is the Accredited Data Recipient</p>

<p>Data Recipients would typically have one or more brands within the Consumer Data Right</p>
<h3 id='software-product'>Software Product</h3>
<p>Accredited Data Recipients create Software Products which provide consumers the ability to get insight into their data held by Data Holders</p>

<p>Accredited Data Recipients would typically have one or more products within the Consumer Data Right</p>
<h3 id='entity-relationship-diagram'>Entity Relationship Diagram</h3>
<p>The following is a logical model of the entities exposed to participants through the Register APIs</p>

<p><img class=medium-image src="images/EntityRelationships.png" ></img></p>
<h3 id='identifiers'>Identifiers</h3>
<p>The identifiers outlined in the Ecosystem entities diagram map to Client Registration and APIs defined in this documentation.</p>

<table><thead>
<tr>
<th>Identifier</th>
<th>Mapping</th>
</tr>
</thead><tbody>
<tr>
<td><strong>legalEntityId</strong></td>
<td>Identifier in <a href="#tocSlegalentitydetail">LegalEntityDetail</a> schema returned as part of <a href="#getdataholderbrands">GetDataHolderBrands API</a> </br> Identifier in <a href="#tocSregisterdatarecipient">RegisterDataRecipient</a> schema returned as part of <a href="#getdatarecipients">GetDataRecipients API</a></td>
</tr>
<tr>
<td><strong>dataRecipientId</strong></td>
<td>Identifier in <a href="#tocSdatarecipientstatus">DataRecipientStatus</a> schema returned as part of <a href="#getdatarecipients">GetDataRecipients API</a>. This is the equivalent to the <code>legalEntityId</code> described above </br></td>
</tr>
<tr>
<td><strong>dataHolderBrandId</strong></td>
<td>Identifier in <a href="#tocSregisterdataholderbrand">RegisterDataHolderBrands</a> schema returned as part of <a href="#getdataholderbrands">GetDataHolderBrands API</a> </br></td>
</tr>
<tr>
<td><strong>dataRecipientBrandId</strong></td>
<td><code>org_id</code> claim as defined in the <a href="#dynamic-client-registration">SSA Definition</a> </br>  Identifier in <a href="#tocSdatarecipientbrandmetadata">DataRecipientsBrandMetaData</a> schema returned as part of <a href="#getdatarecipients">GetDataRecipients API</a></br>Identifier used as a parameter to the <a href="#getsoftwarestatementassertion-ssa">GetSoftwareStatementAssertion API</a></td>
</tr>
<tr>
<td><strong>softwareProductId</strong></td>
<td><code>software_id</code> claim as defined in the <a href="#dynamic-client-registration">SSA Definition</a> </br> <code>iss</code> claim as defined in the <a href="#registration-request-using-jwt">Registration Request</a> </br>Identifier used as a parameter to the <a href="#getsoftwarestatementassertion-ssa">GetSoftwareStatementAssertion API</a></td>
</tr>
</tbody></table>
<h2 id='participant-brands'>Participant Brands</h2>
<p>The CDR Register has been designed to accommodate a multitude of organisational business models using the concept of brands (<strong>Data Holder Brands</strong> and <strong>Accredited Data Recipient Brands</strong>). This brands flexibility requires participants to understand how different configurations will be presented at the CDR Register.</p>

<p>A dedicated support article has been written on this topic: <a href="https://cdr-support.zendesk.com/hc/en-us/articles/900005881263-Brands-in-the-Consumer-Data-Right-Ecosystem">Brands in the Consumer Data Right Ecosystem</a></p>
<h2 id='ecosystem-component-diagram'>Ecosystem Component Diagram</h2>
<p>The following is a high level overview of the CDR ecosystem outlining the components and API endpoints each participant within the ecosystem will be expected to implement.</p>

<p>Note that ADRs are expected to have one or more Software Products consuming CDR data.</p>

<p><img src="images/FullComponentDiagram.png" alt="Fullcomponentdiagram" /></p>
<h2 id='data-holder-2'>Data Holder</h2>
<table><thead>
<tr>
<th>Component</th>
<th>Responsibility</th>
</tr>
</thead><tbody>
<tr>
<td><strong>Identity Provider</strong></td>
<td>Provides identity services to the Data Holder’s platform for identifying Accredited Data Recipients and the CDR Register</td>
</tr>
<tr>
<td><strong>Authorisation and Consent Manager</strong></td>
<td>Provides authorisation functionality to the consumer including consent withdrawal propagation to the relevant Accredited Data Recipients</td>
</tr>
<tr>
<td><strong>Secrets Manager</strong></td>
<td>Provides key management for issuance/rotation of JWKs &amp; certificates and storing of authorisations</td>
</tr>
<tr>
<td><strong>Standards Platform</strong></td>
<td>Exposes banking, consumer and product data to Accredited Data Recipients as per the Consumer Data Standards <a href="https://consumerdatastandardsaustralia.github.io/standards/#consumer-data-standards-banking-apis">Banking APIs</a> and <a href="https://consumerdatastandardsaustralia.github.io/standards/#consumer-data-standards-common-apis">Common APIs</a></td>
</tr>
<tr>
<td><strong>MetaData Cache</strong></td>
<td>Cache of discovered Accredited Data Recipients and their associated Software Products within the CDR ecosystem. Caching rules and logic are described at: <a href="#metadata-cache-management">Metadata Cache Management</a></td>
</tr>
<tr>
<td><strong>Metrics</strong></td>
<td>Facilitates <a href="https://consumerdatastandardsaustralia.github.io/standards/#get-metrics">Get Metrics</a> requests from the CDR Register as per the Consumer Data Standards. Data Holders must report this information separately for each of their brands. The CDR Register will therefore collect these metrics per Data Holder Brand.</td>
</tr>
<tr>
<td><strong>Authorisation Dashboard</strong></td>
<td>The Dashboard provided to the consumer to view their current sharing authorisations with the Data Holder. The dashboard also provides the functionality to explicitly withdraw these authorisations with this Data Holder. Details can be found in the <a href="https://consumerdatastandards.org.au/cx-standards">CX Guidelines</a></td>
</tr>
</tbody></table>

<table><thead>
<tr>
<th>API</th>
<th>Responsibility</th>
</tr>
</thead><tbody>
<tr>
<td><strong>Banking APIs</strong></td>
<td>APIs exposing banking data as per the Consumer Data Standards <a href="https://consumerdatastandardsaustralia.github.io/standards/#consumer-data-standards-banking-apis">Banking APIs</a></td>
</tr>
<tr>
<td><strong>Common APIs</strong></td>
<td>APIs exposing common data as per the Consumer Data Standards <a href="https://consumerdatastandardsaustralia.github.io/standards/#consumer-data-standards-common-apis">Common APIs</a></td>
</tr>
<tr>
<td><strong>InfoSec APIs</strong></td>
<td>APIs exposing endpoints to facilitate the InfoSec profile as per the Consumer Data Standards <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">Endpoints</a></td>
</tr>
<tr>
<td><strong>Registration APIs</strong></td>
<td>APIs exposing dynamic registration endpoints as described at <a href="#dynamic-client-registration">Dynamic Client Registration</a></td>
</tr>
<tr>
<td><strong>Admin APIs</strong></td>
<td>APIs exposing metrics data as per the Consumer Data Standards <a href="https://consumerdatastandardsaustralia.github.io/standards/#admin-apis">Admin APIs</a></td>
</tr>
</tbody></table>
<h2 id='accredited-data-recipient-2'>Accredited Data Recipient</h2>
<table><thead>
<tr>
<th>Component</th>
<th>Responsibility</th>
</tr>
</thead><tbody>
<tr>
<td><strong>Software Application(s)</strong></td>
<td>One or more consumer facing applications provided by the Accredited Data Recipient</td>
</tr>
<tr>
<td><strong>Application Platform</strong></td>
<td>Accredited Data Recipient’s application platform which requests consumer and product data from Data Holders as per the Consumer Data Standards <a href="https://consumerdatastandardsaustralia.github.io/standards/#consumer-data-standards-banking-apis">Banking APIs</a> and <a href="https://consumerdatastandardsaustralia.github.io/standards/#consumer-data-standards-common-apis">Common APIs</a></td>
</tr>
<tr>
<td><strong>Consent Manager</strong></td>
<td>Provides consent functionality to the consumer including consent withdrawal propagation to the relevant Data Holder</td>
</tr>
<tr>
<td><strong>Secrets Manager</strong></td>
<td>Provides key management for issuance/rotation of JWKS &amp; certificates and storing of consents</td>
</tr>
<tr>
<td><strong>MetaData Cache</strong></td>
<td>Cache of discovered Data Holders within the CDR ecosystem. Caching rules and logic are described at: <br> <a href="#metadata-cache-management">Metadata Cache Management</a></td>
</tr>
<tr>
<td><strong>Consent Dashboard</strong></td>
<td>The Dashboard provided to the consumer to view the consents given to this Accredited Data Recipient to collect and use CDR data. The Dashboard also provides the functionality to explicitly withdraw these consents with this Accredited Data Recipient. Details can be found in the <a href="https://consumerdatastandards.org.au/cx-standards">CX Guidelines</a></a></td>
</tr>
</tbody></table>

<table><thead>
<tr>
<th>API</th>
<th>Responsibility</th>
</tr>
</thead><tbody>
<tr>
<td><strong>InfoSec APIs</strong></td>
<td>APIs exposing endpoints to facilitate the InfoSec profile as per the Consumer Data Standards <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">Endpoints</a>. This covers the revocation and CDR arrangement management endpoints, to facilitate bi-directional consent revocation as well as the Data Recipient JWKS endpoint</td>
</tr>
</tbody></table>
<h2 id='register'>Register</h2>
<p>The Register exposed APIs to satisfy the following main requirements:</p>

<p><strong>1.</strong> Facilitates discovery of Data Holders and their endpoint details within the CDR regime</br>
<strong>2.</strong> Facilitates discovery of Data Recipient details within the CDR regime</br>
<strong>3.</strong> Provides SSAs to facilitate Dynamic Client Registration</br>
<strong>4.</strong> Provides public JWKS to assert SSAs are trusted by the CDR Register</br>
<strong>5.</strong> Collect ecosystem metrics from participating Data Holders as per the Consumer Data Standards <a href="https://consumerdatastandardsaustralia.github.io/standards/#get-metrics">Get Metrics</a></br></p>

<table><thead>
<tr>
<th>API</th>
<th>Responsibility</th>
</tr>
</thead><tbody>
<tr>
<td><strong>Discovery APIs (DH &amp; DR)</strong></td>
<td>APIs exposing the discovery of Data Holder Brands and Data Recipients within the CDR regime. </br>APIs are described at: <a href="#getdataholderbrands">GetDataHolderBrands</a>, <a href="#getdatarecipients">GetDataRecipients</a></td>
</tr>
<tr>
<td><strong>Status APIs</strong></td>
<td>APIs exposing the statuses of Accredited Data Recipients and associated Software Products within the CDR regime. </br>APIs are described at: <a href="#getdatarecipientsstatus">GetDataRecipientsStatus</a>, <a href="#getsoftwareproductsstatus">GetSoftwareProductsStatus</a></td>
</tr>
<tr>
<td><strong>SSA API</strong></td>
<td>API exposing the retrieval of SSAs used by Accredited Data Recipients to register with Data Holders within the CDR regime. </br>API is described at: <a href="#getsoftwarestatementassertion-ssa">GetSoftwareStatementAssertion</a></td>
</tr>
<tr>
<td><strong>InfoSec APIs</strong></td>
<td>API exposing endpoints to facilitate OIDC as well as exposing Register public JWKS used to verify the signature of SSA payloads. Further details are available at:  <a href="#dynamic-client-registration">Dynamic Client Registration</a></td>
</tr>
</tbody></table>
<h2 id='certificate-authority'>Certificate Authority</h2>
<p>The CDR Register will be using DigiCert as the ACCC endorsed Certificate Authority. Further details on certificate management can be found at:
<a href="#certificate-management">Certificate Management</a></p>
<h1 id='intermediaries'>Intermediaries</h1>
<p>The CDR Register design accommodates intermediaries within the CDR ecosystem.</p>
<h2 id='collection-arrangements'>Collection Arrangements</h2>
<p>Collection arrangements allow for outsourced service providers (’provider’) that are accredited to collect CDR data on behalf of another accredited person (‘principal’).  An ‘outsourcing arrangement’ as provided for in the rules will need to be in place between the provider and the principal.</p>

<p>For a reference on how these rules may be implemented, a technical commentary has been published on the <a href="https://cdr-support.zendesk.com/hc/en-us/articles/900003114503-Collection-Arrangement">CDR Support Portal</a></p>
<h3 id='responsibilities'>Responsibilities</h3>
<p>The process of collecting consumer data involves a number of functions. Collection arrangements allow for the responsibilities of these to be assigned to either the provider or principal.</p>

<p><img src="images/ComponentDiagramCollectionArrangement.png" ></img></p>

<p>This diagram models how the scope of responsibilities MAY be split between a principal and a provider collecting on the principal’s behalf. A subset of the principal’s responsibilities can therefore be handled by the provider, allowing them to:</p>

<ul>
<li>specialise in the security and functional requirements of participating in the CDR; and</li>
<li>achieve economies of scale when becoming multi-tenanted and servicing multiple principals in the ecosystem.</li>
</ul>
<h3 id='authentication-with-the-cdr-register'>Authentication with the CDR Register</h3>
<p>Authentication with the Register has been enhanced to allow authentication using the <code>data_recipient_brand_id</code>  to alternatively authenticating with the <code>software_product_id</code>.
This change allows the provider to have the capability to maintain the software product and associated registrations on behalf of an accredited data recipient principal.</p>

<p>Please refer to the <a href="#client-authentication">Client Authentication</a> section for further details.</p>
<h3 id='accreditation-status-discovery'>Accreditation Status Discovery</h3>
<p>The status of a software product, managed within a collection arrangement, will be coupled to the accreditation status of both the principal and provider in this arrangement.</p>

<p>To achieve this, cascade rules for software product statuses, as defined in <a href="#accredited-data-recipient-and-software-product-statuses">Status Mapping</a>, will be defined for a collection arrangement as follows:</p>

<table><thead>
<tr>
<th>Provider Status</th>
<th>Principal Status</th>
<th>Cascaded Principal SP Status</th>
</tr>
</thead><tbody>
<tr>
<td>Active</td>
<td>Active</td>
<td>Active</td>
</tr>
<tr>
<td>Suspended</td>
<td>Active</td>
<td>Inactive</td>
</tr>
<tr>
<td>Revoked</td>
<td>Active</td>
<td>Inactive</td>
</tr>
<tr>
<td>Surrendered</td>
<td>Active</td>
<td>Inactive</td>
</tr>
<tr>
<td>Any</td>
<td>Suspended</td>
<td>Inactive</td>
</tr>
<tr>
<td>Any</td>
<td>Revoked</td>
<td>Removed</td>
</tr>
<tr>
<td>Any</td>
<td>Surrendered</td>
<td>Removed</td>
</tr>
</tbody></table>
<h1 id='client-registration'>Client Registration</h1><h2 id='dynamic-client-registration'>Dynamic Client Registration</h2>
<p>Accredited Data Recipient Software Products within the Consumer Data Right will dynamically register with one or more Data Holders, to obtain client credentials used to retrieve consumer data on behalf of a consumer.</p>

<p>The CDR Registration model follows standard <a href="https://tools.ietf.org/html/rfc7591"><strong>[RFC7591]</strong></a> and is derived from <a href="https://openbanking.atlassian.net/wiki/spaces/DZ/pages/36667724/The+OpenBanking+OpenID+Dynamic+Client+Registration+Specification+-+v1.0.0-rc2"><strong>Open Banking UK model</strong></a> with design input from the <a href="https://github.com/cdr-register/register/files/3577911/ABA_RESPONSE_DYvS_SA_05092019_Appendix.pdf"><strong>ABA</strong></a></p>

<p><strong>Pre-Requisites:</strong> Prior to Client Registration, the registering Data Recipient must be accredited and the associated Software Product must be configured within the CDR Register</p>
<h3 id='software-statement-assertion-ssa-design'>Software Statement Assertion (SSA) Design</h3>
<p>A Software Statement is defined in <strong>[RFC7591]</strong> as:
A digitally signed JSON Web Token (JWT) <strong>[RFC7519]</strong> that asserts metadata values about the client software</p>

<p>Within the Consumer Data Right, the CDR Register will issue Software Statements for Accredited Data Recipient Software Products</p>

<p>The trust relationship the authorization server has with the issuer of the software statement is to be used as an input to the evaluation of whether the registration request is accepted.</p>

<p>A software statement is presented by Accredited Data Recipient’s Software Product to Data Holder’s authorisation server as part of a client registration request.</p>

<p>An SSA will be issued for each <em>active</em> Software Product and is retrievable using the CDR Register <a href="#getsoftwarestatementassertion-ssa">GetSoftwareStatementAssertion API</a></p>
<h3 id='namespacing'>Namespacing</h3>
<p>The design will conform to <strong>[RFC7591]</strong> and will not use the software namespace convention as used in the Open Banking UK Dynamic Registration Standard</p>
<h3 id='digital-signing-algorithm'>Digital Signing Algorithm</h3>
<p>Conforming to <strong>[FAPI-RW]</strong>, SSAs will be signed on the CDR Register using <strong>PS256</strong></p>
<h3 id='ssa-lifetime'>SSA Lifetime</h3>
<table><thead>
<tr>
<th>Method</th>
<th>Lifetime (mins)</th>
<th>Notes</th>
</tr>
</thead><tbody>
<tr>
<td><strong>Obtain via API</strong></td>
<td>10</td>
<td>The intention here is this should be sufficient time to </br>batch register with all relevant Data Holders</td>
</tr>
</tbody></table>
<h3 id='ssa-definition'>SSA Definition</h3>
<blockquote>
<p>Example SSA:</p>
</blockquote>
<pre class="highlight plaintext"><code>eyJhbGciOiJQUzI1NiIsImtpZCI6ImI4ZmFjZjJmZjM5NDQ0Zjc4MWUwYmU1ZGI0YjE0ZjE2IiwidHlwIjoiSldUIn0.ew0KICAiaXNzIjogImNkci1yZWdpc3RlciIsDQogICJpYXQiOiAxNTcxODA4MTY3LA0KICAiZXhwIjogMjE0NzQ4MzY0NiwNCiAgImp0aSI6ICIzYmMyMDVhMWViYzk0M2ZiYjYyNGIxNGZjYjI0MTE5NiIsDQogICJvcmdfaWQiOiAiM0IwQjBBN0ItM0U3Qi00QTJDLTk0OTctRTM1N0E3MUQwN0M4IiwNCiAgIm9yZ19uYW1lIjogIk1vY2sgQ29tcGFueSBJbmMuIiwNCiAgImNsaWVudF9uYW1lIjogIk1vY2sgU29mdHdhcmUiLA0KICAiY2xpZW50X2Rlc2NyaXB0aW9uIjogIkEgbW9jayBzb2Z0d2FyZSBwcm9kdWN0IGZvciB0ZXN0aW5nIFNTQSIsDQogICJjbGllbnRfdXJpIjogImh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdSIsDQogICJyZWRpcmVjdF91cmlzIjogWw0KICAgICJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUvcmVkaXJlY3RzL3JlZGlyZWN0MSIsDQogICAgImh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdS9yZWRpcmVjdHMvcmVkaXJlY3QyIg0KICBdLA0KICAibG9nb191cmkiOiAiaHR0cHM6Ly93d3cubW9ja2NvbXBhbnkuY29tLmF1L2xvZ29zL2xvZ28xLnBuZyIsDQogICJ0b3NfdXJpIjogImh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdS90b3MuaHRtbCIsDQogICJwb2xpY3lfdXJpIjogImh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdS9wb2xpY3kuaHRtbCIsDQogICJqd2tzX3VyaSI6ICJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUvandrcyIsDQogICJyZXZvY2F0aW9uX3VyaSI6ICJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUvcmV2b2NhdGlvbiIsDQogICJzb2Z0d2FyZV9pZCI6ICI3NDBDMzY4Ri1FQ0Y5LTREMjktQTJFQS0wNTE0QTY2QjBDREUiLA0KICAic29mdHdhcmVfcm9sZXMiOiAiZGF0YS1yZWNpcGllbnQtc29mdHdhcmUtcHJvZHVjdCIsDQogICJzY29wZSI6ICJiYW5rOmFjY291bnRzLmJhc2ljOnJlYWQgYmFuazphY2NvdW50cy5kZXRhaWw6cmVhZCBiYW5rOnRyYW5zYWN0aW9uczpyZWFkIGJhbms6cGF5ZWVzOnJlYWQgYmFuazpyZWd1bGFyX3BheW1lbnRzOnJlYWQgY29tbW9uOmN1c3RvbWVyLmJhc2ljOnJlYWQgY29tbW9uOmN1c3RvbWVyLmRldGFpbDpyZWFkIg0KfQ.ZNKe8aBHcsZ_OfdP0GvUa0AHrjcoC0Coky4jQHrPsRoG3YMcS2XG9JtyB5zq-AMOQoaib1Ijx1m7B-JOEbVcnNJcLUZeVEIwnP8hRssAnGjWwaYGUAiY-DEFUsuXqpQWgyIOFz84W-FaHFcqpOSGxjGmjICZU9S1Pl4o8b5poA_kJ2n_wdiOBUG4xl3uXqzK_vstcGXbAubFyLhjOxhc_rqONO2NCtpyCwj83Zqi7Ve_A27-ty5N0AQa2xYWvjDt_Xh8xcxRI_ih7_sStvDTTy3gtyX5bAdXsDsweCcvN0d2vOCpm6-dnr8D1fXDTnlT3x2uQ0XAysWr6wU4mAZFVA
</code></pre>
<blockquote>
<p>Associated JWKS:</p>
</blockquote>
<pre class="highlight plaintext"><code>{
  "keys": [
    {
      "kid": "b8facf2ff39444f781e0be5db4b14f16",
      "kty": "RSA",
      "key_ops": [
        "sign",
        "verify"
      ],
      "n": "s0zGoaOEJE8HDfHjWtO0xLXtuPcwio8BEoj0-uu9kxxDIF7jH0jb06EwoPkb83BET59x6C0TtRfc_I5ZDksQKRClWXzbazqi62M5YhCgwyB-S09PJb8P1GfQBYyK346nLKARHbFJ1t1SHARcVFJA_8NeHfQn_0fyEc55R3GGNDL3YQtjEoTb-LMR-KpcPB2BpyDuie-jk-3f1t0EfvnkVp-6co1_KTXrbwuYtH31YBZLgU4JeZEJLTnGdMKmJppZ9SnyrBB461hMmw0HJHJj6uZJSiP2onmvlrUezv1T3NM3HOE7WHxlps9MUJj3vcpea-O6n5JBX8emTduLuLuKuw",
      "e": "AQAB"
    }
  ]
}
</code></pre>
<blockquote>
<p>Decoded SSA</p>
</blockquote>
<pre class="highlight plaintext"><code>{
  "alg": "PS256",
  "kid": "b8facf2ff39444f781e0be5db4b14f16",
  "typ": "JWT"
}

{
  "iss": "cdr-register",
  "iat": 1571808167,
  "exp": 2147483646,
  "jti": "3bc205a1ebc943fbb624b14fcb241196",
  "legal_entity_id": "3B0B0A7B-3E7B-4A2C-9497-E357A71D07C7",
  "legal_entity_name": "Mock Company Pty Ltd.",
  "org_id": "3B0B0A7B-3E7B-4A2C-9497-E357A71D07C8",
  "org_name": "Mock Company Brand",
  "client_name": "Mock Software",
  "client_description": "A mock software product for testing SSA",
  "client_uri": "https://www.mockcompany.com.au",
  "redirect_uris": [
    "https://www.mockcompany.com.au/redirects/redirect1",
    "https://www.mockcompany.com.au/redirects/redirect2"
  ],
  "sector_identifier_uri": "https://www.mockcompany.com.au/sector_identifier",
  "logo_uri": "https://www.mockcompany.com.au/logos/logo1.png",
  "tos_uri": "https://www.mockcompany.com.au/tos.html",
  "policy_uri": "https://www.mockcompany.com.au/policy.html",
  "jwks_uri": "https://www.mockcompany.com.au/jwks",
  "revocation_uri": "https://www.mockcompany.com.au/revocation",
  "recipient_base_uri": "https://www.mockcompany.com.au",
  "software_id": "740C368F-ECF9-4D29-A2EA-0514A66B0CDE",
  "software_roles": "data-recipient-software-product",
  "scope":
        "openid
         profile
         bank:accounts.basic:read
         bank:accounts.detail:read
         bank:transactions:read
         bank:payees:read
         bank:regular_payments:read
         common:customer.basic:read
         common:customer.detail:read
         cdr:registration"
}

</code></pre>
<div class="cdr-tabs">
  <div class="cdr-tab-body">
    <label for="cdr-tab-body-1">From 1st Nov 2020</label>
    <input id="cdr-tab-body-1" name="cdr-tabs-input" type="radio" >
    <div class="cdr-tab-contents">
      <table><thead>
<tr>
<th>Client Metadata</th>
<th>Required</th>
<th>Modifiable</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td><strong>iss</strong></td>
<td>Required</td>
<td></td>
<td>Contains the <code>iss</code> (issuer) claim denoting the party attesting to the claims in the software statement</br><strong>value: &quot;cdr-register&quot;</strong></td>
</tr>
<tr>
<td><strong>iat</strong></td>
<td>Required</td>
<td></td>
<td>The time at which the request was issued by the CDR Register, expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC</td>
</tr>
<tr>
<td><strong>exp</strong></td>
<td>Required</td>
<td></td>
<td>The time at which the SSA expires expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC</td>
</tr>
<tr>
<td><strong>jti</strong></td>
<td>Required</td>
<td></td>
<td>Unique identifier for the JWT, used to prevent reuse of the SSA.</td>
</tr>
<tr>
<td><strong>org_id</strong></td>
<td>Required</td>
<td></td>
<td>A unique identifier string assigned by the CDR Register that identifies the Accredited Data Recipient Brand</td>
</tr>
<tr>
<td><strong>org_name</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>Human-readable string name of the Accredited Data Recipient Brand to be presented to the end user during authorization</td>
</tr>
<tr>
<td><strong>client_name</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>Human-readable string name of the software product to be presented to the end-user during authorization</td>
</tr>
<tr>
<td><strong>client_description</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>Human-readable string name of the software product description to be presented to the end user during authorization</td>
</tr>
<tr>
<td><strong>client_uri</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>URL string of a web page providing information about the client</td>
</tr>
<tr>
<td><strong>redirect_uris</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>Array of redirection URI strings for use in redirect-based flows</td>
</tr>
<tr>
<td><strong>logo_uri</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>URL string that references a logo for the client software product. The server SHOULD display this image to the end-user during approval</td>
</tr>
<tr>
<td><strong>tos_uri</strong></td>
<td>Optional</td>
<td><i class="icon-check"></i></td>
<td>URL string that points to a human-readable terms of service document for the Software Product</td>
</tr>
<tr>
<td><strong>policy_uri</strong></td>
<td>Optional</td>
<td><i class="icon-check"></i></td>
<td>URL string that points to a human-readable policy document for the Software Product</td>
</tr>
<tr>
<td><strong>jwks_uri</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>URL string referencing the client&#39;s JSON Web Key (JWK) Set <strong>[RFC7517]</strong> document, which contains the client&#39;s public keys</td>
</tr>
<tr>
<td><strong>revocation_uri</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>URI string that references the location of the Software Product consent revocation endpoint as per Consumer Data Standards <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">Endpoints</a></td>
</tr>
<tr>
<td><strong>recipient_base_uri</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>Base URI for the Consumer Data Standard data recipient endpoints. This should be the base to provide reference to all other <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">Data Recipient Endpoints</a> </br> <strong>Scheduled for Nov 2020</strong></td>
</tr>
<tr>
<td><strong>software_id</strong></td>
<td>Required</td>
<td></td>
<td>String representing a unique identifier assigned by the ACCC Register and used by registration endpoints to identify the software product to be dynamically registered. </br></br>The <code>software_id</code> will remain the same across multiple updates or versions of the same piece of software.</br>The <code>software_id</code> should be used as the primary external identifier for the client to prevent duplicate client registrations</td>
</tr>
<tr>
<td><strong>software_roles</strong></td>
<td>Required</td>
<td></td>
<td>String containing a role of the software in the CDR Regime. Initially the only value used with be <strong>“data-recipient-software-product”</strong></td>
</tr>
<tr>
<td><strong>scope</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>String containing a space-separated list of scope values that the client can use when requesting access tokens. </br>These CDS scope values are defined at: <a href="https://consumerdatastandardsaustralia.github.io/standards/#authorisation-scopes">Authorisation Scopes</a></br>The DCR scope value is defined at: <a href="#client-registration-management">Client Registration Management</a></td>
</tr>
</tbody></table>

<ul>
<li><p><strong>Nov 2020:</strong> the <code>revocation_uri</code> becomes <strong>optional</strong> and <code>recipient_base_uri</code> will be introduced as <strong>required</strong></p></li>
<li><p><strong>Feb 2021:</strong> the <code>revocation_uri</code> remains <strong>optional</strong> and <code>recipient_base_uri</code> will remain <strong>required</strong></p></li>
<li><p>Deprecation of the <code>revocation_uri</code> from the SSA will be planned for a future release of the CDR Register design</p></li>
</ul>

    </div>
  </div>
  <div class="cdr-tab-body">
      <label for="cdr-tab-body-2">From July 1st 2021</label>
      <input id="cdr-tab-body-2" name="cdr-tabs-input" type="radio" checked="checked">
      <div class="cdr-tab-contents">
        <table><thead>
<tr>
<th>Client Metadata</th>
<th>Required</th>
<th>Modifiable</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td><strong>iss</strong></td>
<td>Required</td>
<td></td>
<td>Contains the <code>iss</code> (issuer) claim denoting the party attesting to the claims in the software statement</br><strong>value: &quot;cdr-register&quot;</strong></td>
</tr>
<tr>
<td><strong>iat</strong></td>
<td>Required</td>
<td></td>
<td>The time at which the request was issued by the CDR Register, expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC</td>
</tr>
<tr>
<td><strong>exp</strong></td>
<td>Required</td>
<td></td>
<td>The time at which the SSA expires expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC</td>
</tr>
<tr>
<td><strong>jti</strong></td>
<td>Required</td>
<td></td>
<td>Unique identifier for the JWT, used to prevent reuse of the SSA.</td>
</tr>
<tr>
<td><strong>legal_entity_id</strong></td>
<td>Optional</td>
<td></td>
<td>A unique identifier string assigned by the CDR Register that identifies the Accredited Data Recipient Legal Entity </br> <strong>Scheduled for July 2021</strong></td>
</tr>
<tr>
<td><strong>legal_entity_name</strong></td>
<td>Optional</td>
<td></td>
<td>Human-readable string name of the Accredited Data Recipient Legal Entity </br> <strong>Scheduled for July 2021</strong></td>
</tr>
<tr>
<td><strong>org_id</strong></td>
<td>Required</td>
<td></td>
<td>A unique identifier string assigned by the CDR Register that identifies the Accredited Data Recipient Brand</td>
</tr>
<tr>
<td><strong>org_name</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>Human-readable string name of the Accredited Data Recipient Brand to be presented to the end user during authorization</td>
</tr>
<tr>
<td><strong>client_name</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>Human-readable string name of the software product to be presented to the end-user during authorization</td>
</tr>
<tr>
<td><strong>client_description</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>Human-readable string name of the software product description to be presented to the end user during authorization</td>
</tr>
<tr>
<td><strong>client_uri</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>URL string of a web page providing information about the client</td>
</tr>
<tr>
<td><strong>redirect_uris</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>Array of redirection URI strings for use in redirect-based flows</td>
</tr>
<tr>
<td><strong>sector_identifier_uri</strong></td>
<td>Optional</td>
<td><i class="icon-check"></i></td>
<td>URL string referencing the client&#39;s sector identifier URI, used as an optional input to the Pairwise Identifier as described in described in <a href="https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes">section 8</a> of <strong>[OIDC]</strong>.  </br> <strong>Scheduled for July 2021</strong></td>
</tr>
<tr>
<td><strong>logo_uri</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>URL string that references a logo for the client software product. The server SHOULD display this image to the end-user during approval</td>
</tr>
<tr>
<td><strong>tos_uri</strong></td>
<td>Optional</td>
<td><i class="icon-check"></i></td>
<td>URL string that points to a human-readable terms of service document for the Software Product</td>
</tr>
<tr>
<td><strong>policy_uri</strong></td>
<td>Optional</td>
<td><i class="icon-check"></i></td>
<td>URL string that points to a human-readable policy document for the Software Product</td>
</tr>
<tr>
<td><strong>jwks_uri</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>URL string referencing the client&#39;s JSON Web Key (JWK) Set <strong>[RFC7517]</strong> document, which contains the client&#39;s public keys</td>
</tr>
<tr>
<td><strong>revocation_uri</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>URI string that references the location of the Software Product consent revocation endpoint as per Consumer Data Standards <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">Endpoints</a></td>
</tr>
<tr>
<td><strong>recipient_base_uri</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>Base URI for the Consumer Data Standard data recipient endpoints. This should be the base to provide reference to all other <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">Data Recipient Endpoints</a></td>
</tr>
<tr>
<td><strong>software_id</strong></td>
<td>Required</td>
<td></td>
<td>String representing a unique identifier assigned by the ACCC Register and used by registration endpoints to identify the software product to be dynamically registered. </br></br>The <code>software_id</code> will remain the same across multiple updates or versions of the same piece of software.</br>The <code>software_id</code> should be used as the primary external identifier for the client to prevent duplicate client registrations</td>
</tr>
<tr>
<td><strong>software_roles</strong></td>
<td>Required</td>
<td></td>
<td>String containing a role of the software in the CDR Regime. Initially the only value used with be <strong>“data-recipient-software-product”</strong></td>
</tr>
<tr>
<td><strong>scope</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td>String containing a space-separated list of scope values that the client can use when requesting access tokens. </br>These CDS scope values are defined at: <a href="https://consumerdatastandardsaustralia.github.io/standards/#authorisation-scopes">Authorisation Scopes</a></br>The DCR scope value is defined at: <a href="#client-registration-management">Client Registration Management</a></br></br>As per the <a href="https://consumerdatastandardsaustralia.github.io/standards/#scopes-and-claims">CDS Scopes and Claims</a>, <strong>openid</strong> and <strong>profile</strong> are included in the SSA</td>
</tr>
</tbody></table>

<ul>
<li><p><strong>July 2021:</strong> the <code>sector_identifier_uri</code> is introduced as <strong>optional</strong></p></li>
<li><p><strong>July 2021:</strong> the <code>legal_entity_id</code> and <code>legal_entity_name</code> are introduced as <strong>optional</strong></p></li>
</ul>

      </div>
    </div>
</div>
<h3 id='client-registration-considerations'>Client Registration Considerations</h3>
<p>The CDR Register will only issue SSAs for Software Products which are currently in the <strong>Active</strong> state</p>
<h3 id='sector-identifiers'>Sector Identifiers</h3>
<p>As per the <a href="https://consumerdatastandardsaustralia.github.io/standards/#identifiers-and-subject-types">Consumer Data Standards</a>, the Pairwise Pseudonymous Identifier (PPID) as described in <a href="https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes">section 8</a> of <strong>[OIDC]</strong>, will use the host component of the <code>redirect_uris</code> as the sector identifier. This introduces a constraint that the <code>redirect_uris</code> must all contain the same hostname.</p>

<p>The CDR Register registration design will introduce support for the <code>sector_identifier_uri</code> in the <strong>July 2021</strong> release. Adoption will require data holder implementation and updates to Software Product registrations to update the field <code>sector_identifier_uri</code> with all data holder brands</p>

<p>For more information on <code>sector_identifier_uri</code> impacts to the ecosystem, please refer the the CDR Support article <a href="https://cdr-support.zendesk.com/hc/en-us/articles/360004324176-Data-Holder-sector-identifier-uri-Support">Data Holder sector_identifier_uri Support</a></p>
<h3 id='logos'>Logos</h3>
<p>Logos will be incorporated within the SSA to ensure there is consistency between the logos published on the Public Register and those passed to Data Holders as part of Registration</p>
<h3 id='cdr-register-ssa-signing'>CDR Register SSA Signing</h3>
<ul>
<li>SSAs will be signed by the Register</li>
<li>Register public keys will be exposed on a dedicated JWKS URI endpoint</li>
<li>CDR Register JWKS will be exposed on an unauthenticated endpoint, using TLS. This allows for distribution via CDN, increasing tolerance for Register outage</li>
<li>Endpoint details will be provided to participants during the onboarding process</li>
</ul>
<h2 id='registration-request-using-jwt'>Registration Request using JWT</h2>
<blockquote>
<p>Example Request</p>
</blockquote>
<pre class="highlight plaintext"><code>HTTP/1.1 POST /register
Content-Type: application/jwt
Accept: application/json

## Non-normative Decoded JWT
{
   "alg":"PS256",
   "typ":"JWT",
   "kid":"12456"
}
{
   "iss":"CDR Software Product ID",
   "iat":1571808167,
   "exp":2147483646,
   "jti":"37747cd1c10545699f754adf28b73e31",
   "aud":"https://secure.api.dataholder.com/issuer",
   "redirect_uris":[
      "https://www.mockcompany.com.au/redirects/redirect1",
      "https://www.mockcompany.com.au/redirects/redirect2"
   ],
   "token_endpoint_auth_signing_alg":"PS256",
   "token_endpoint_auth_method":"private_key_jwt",
   "grant_types":[
      "client_credentials",
      "authorization_code",
      "refresh_token"
   ],
   "response_types":["code id_token"],
   "application_type":"web",
   "id_token_signed_response_alg":"PS256",
   "id_token_encrypted_response_alg":"RSA-OAEP",
   "id_token_encrypted_response_enc:"A256GCM",
   "request_object_signing_alg":"PS256",
   "software_statement":…
}
{
  "signature":...
}
</code></pre>
<p>To register a Software Product with a Data Holder, the Accredited Data Recipient sends an HTTP POST to the Data Holder registration endpoint.</p>

<p>The request MUST be presented in the format of a <strong>[RFC7519]</strong> compliant JWT. The request MUST use the HTTP POST method, using the application/jwt content type.</p>

<p>The JWT MUST be signed using algorithms specified in <a href="https://openid.net/specs/openid-financial-api-part-2.html#jws-algorithm-considerations">section 8.6</a> of <strong>[FAPI-RW]</strong></p>

<p>The client registration request MUST contain the following claims in the JWT payload unless designated as Optional</p>

<table><thead>
<tr>
<th>Claim</th>
<th>Required</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td><strong>iss</strong></td>
<td>Required</td>
<td>Contains the identifier for the ADR Software Product (SoftwareProductId) as defined in the CDR Register</td>
</tr>
<tr>
<td><strong>iat</strong></td>
<td>Required</td>
<td>The time at which the request was issued by the Data Recipient  expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC</td>
</tr>
<tr>
<td><strong>exp</strong></td>
<td>Required</td>
<td>The time at which the request expires expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC</td>
</tr>
<tr>
<td><strong>jti</strong></td>
<td>Required</td>
<td>Unique identifier for the JWT, used to prevent reuse of the token.</td>
</tr>
<tr>
<td><strong>aud</strong></td>
<td>Required</td>
<td>Contains the DH issuer value as described in the <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">OIDC Discovery Document</a></td>
</tr>
<tr>
<td><strong>redirect_uris</strong></td>
<td>Optional</td>
<td>Array of redirection URI strings for use in redirect-based flows. If used, redirect_uris MUST match or be a subset of the redirect_uris as defined in the SSA</td>
</tr>
<tr>
<td><strong>token_endpoint_auth_method</strong></td>
<td>Required</td>
<td>The requested authentication method for the token endpoint. The only supported method will be <strong>private_key_jwt</strong></td>
</tr>
<tr>
<td><strong>token_endpoint_auth_signing_alg</strong></td>
<td>Required</td>
<td>The algorithm used for signing the JWT</td>
</tr>
<tr>
<td><strong>grant_types</strong></td>
<td>Required</td>
<td>Array of OAuth 2.0 grant type strings that the client can use at the token endpoint. Supported values: <strong>[client_credentials, authorization_code, refresh_token]</strong></td>
</tr>
<tr>
<td><strong>response_types</strong></td>
<td>Required</td>
<td>Array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint. <strong>value: [code id_token]</strong></td>
</tr>
<tr>
<td><strong>application_type</strong></td>
<td>Optional</td>
<td>Kind of the application. The only supported application type will be <strong>web</strong></td>
</tr>
<tr>
<td><strong>id_token_signed_response_alg</strong></td>
<td>Required</td>
<td>Algorithm with which an id_token is to be signed</br></br>Supported values as constrained by <strong>[FAPI-RW]</strong></td>
</tr>
<tr>
<td><strong>id_token_encrypted_response_alg</strong></td>
<td>Required</td>
<td>JWE <code>alg</code> algorithm with which an id_token is to be encrypted</td>
</tr>
<tr>
<td><strong>id_token_encrypted_response_enc</strong></td>
<td>Required</td>
<td>JWE <code>enc</code> algorithm with which an id_token is to be encrypted</td>
</tr>
<tr>
<td><strong>request_object_signing_alg</strong></td>
<td>Optional</td>
<td>Algorithm which the ADR expects to sign the request object if a request object will be part of the authorization request sent to the Data Holder</br></br>If field not present in the request, data holders are expected to respond with an appropriate default value</br></br>Supported values as constrained by <strong>[FAPI-RW]</strong></td>
</tr>
<tr>
<td><strong>software_statement</strong></td>
<td>Required</td>
<td>Software statement assertion issued by the CDR Register</td>
</tr>
</tbody></table>
<h3 id='id-token-algorithm-selection-considerations'>ID Token Algorithm Selection Considerations</h3>
<p>ID Token algorithms currently being applied in the ecosystem include:</p>

<table><thead>
<tr>
<th>Claim</th>
<th>Values</th>
</tr>
</thead><tbody>
<tr>
<td><strong>id_token_encrypted_response_alg</strong></td>
<td>RSA-OAEP</br>RSA-OAEP-256</td>
</tr>
<tr>
<td><strong>id_token_encrypted_response_enc</strong></td>
<td>A256GCM</br>A128CBC-HS256</td>
</tr>
</tbody></table>
<h2 id='registration-validation'>Registration Validation</h2>
<p>Validation and use of the JWT and the claims described above MUST be performed in accordance with <a href="https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32">JWT</a></p>

<p>SSA JWT signatures MUST be verified against the associated JWK published at the CDR Register <a href="#getjwks">GetJWKS endpoint</a>.</p>

<p>Validation of the SSA <code>software_id</code> and the associated software status is not required as the SSA will have been issued and signed by the CDR Register</p>

<p>Each <code>software_id</code> issued by the CDR Register should only be registered on each Data Holder Brand IDP once. Multiple registrations per <code>software_id</code> are NOT permitted</p>
<h2 id='registration-response'>Registration Response</h2>
<blockquote>
<p>Example Created Response</p>
</blockquote>
<pre class="highlight plaintext"><code>HTTP/1.1 201 Created
Content-Type: application/json

{
  "client_id": "2cfefa98-7d4a-4bcb-95da-47063b84d410",
  "client_id_issued_at": 1574398823,
  "redirect_uris": [
     "https://www.mockcompany.com.au/redirects/redirect1",
     "https://www.mockcompany.com.au/redirects/redirect2"
   ],
   "token_endpoint_auth_signing_alg":"PS256",
   "token_endpoint_auth_method":"private_key_jwt",
   "grant_types":[
      "client_credentials",
      "authorization_code",
      "refresh_token"
   ],
   "response_types":["code id_token"],
   "application_type":"web",
   "id_token_signed_response_alg":"PS256",
   "id_token_encrypted_response_alg":"RSA-OAEP",
   "id_token_encrypted_response_enc:"A256GCM",
   "request_object_signing_alg":"PS256",
   "software_statement":"…",
   "legal_entity_id": "3B0B0A7B-3E7B-4A2C-9497-E357A71D07C7",
   "legal_entity_name": "Mock Company Pty Ltd",
   "org_id": "3B0B0A7B-3E7B-4A2C-9497-E357A71D07C8",
   "org_name": "Mock Company Brand",
   "client_name": "Mock Software",
   "client_description": "A mock software product for testing SSA",
   "client_uri": "https://www.mockcompany.com.au",
   "logo_uri": "https://www.mockcompany.com.au/logos/logo1.png",
   "tos_uri": "https://www.mockcompany.com.au/tos.html",
   "policy_uri": "https://www.mockcompany.com.au/policy.html",
   "jwks_uri": "https://www.mockcompany.com.au/jwks",
   "revocation_uri": "https://www.mockcompany.com.au/revocation",
   "recipient_base_uri": "https://www.mockcompany.com.au",
   "sector_identifier_uri": "https://www.mockcompany.com.au/sector_identifier"
   "software_id": "740C368F-ECF9-4D29-A2EA-0514A66B0CDE",
   "software_roles": "data-recipient-software-product",
   "scope":
         "openid
          profile
          bank:accounts.basic:read
          bank:accounts.detail:read
          bank:transactions:read
          bank:payees:read
          bank:regular_payments:read
          common:customer.basic:read
          common:customer.detail:read
          cdr:registration"
}
</code></pre>
<p>On successful registration, the response MUST be returned to the Accredited Data Recipient conforming to <a href="https://tools.ietf.org/html/rfc7591#section-3.2.1">Section 3.2.1</a> of <strong>[RFC7591]</strong></p>

<table><thead>
<tr>
<th>Claim</th>
<th>Required</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td><strong>client_id</strong></td>
<td>Required</td>
<td>Contains the dynamically generated identifier for the ADR Software Product issued by the Data Holder</td>
</tr>
<tr>
<td><strong>client_id_issued_at</strong></td>
<td>Optional</td>
<td>Time at which the client identifier was issued</td>
</tr>
</tbody></table>

<p>As per <a href="https://tools.ietf.org/html/rfc7591#section-3.2.1">Section 3.2.1</a> of <strong>[RFC7591]</strong>, additionally, the authorisation server MUST return all registered metadata about this client, including any fields provisioned by the authorisation server itself</p>

<p>The Software Statement value MUST be returned unmodified. Client metadata elements used from the software statement MUST also be returned directly as top-level client metadata values in the registration response</p>

<p>Any additional claims MUST be ignored and not returned on completion of the request</p>
<h2 id='registration-errors'>Registration Errors</h2>
<blockquote>
<p>Example Error Response</p>
</blockquote>
<pre class="highlight plaintext"><code>HTTP/1.1 400 Bad Request
Content-Type: application/json
</code></pre><pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
 </span><span class="s2">"error"</span><span class="p">:</span><span class="w"> </span><span class="s2">"invalid_software_statement"</span><span class="p">,</span><span class="w">
 </span><span class="s2">"error_description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Duplicate registrations for a given software_id are not valid"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre>
<p>When an error condition occurs during a registration request, the response MUST be returned to the Accredited Data Recipient conforming to <a href="https://tools.ietf.org/html/rfc7591#section-3.2.2">Section 3.2.2</a> of <strong>[RFC7591]</strong></p>

<p>Duplicate registrations are not permitted so attempts to create a registration which already exists MUST return an HTTP 400  error</p>

<p>Registration error responses schemas are defined in the <a href="#dcr-api">API Documentation</a></p>

<p>For those Registration errors which do not map to <a href="https://tools.ietf.org/html/rfc7591#section-3.2.2">Section 3.2.2</a> of <strong>[RFC7591]</strong>, <a href="https://consumerdatastandardsaustralia.github.io/standards/#http-response-codes">HTTP Response Codes</a> in the Consumer Data Standards should be used.</p>
<h2 id='client-registration-management'>Client Registration Management</h2><h3 id='registration-api-endpoints'>Registration API Endpoints</h3>
<p>Data Holder Authorisation Servers must expose the following Client Registration Management endpoints</p>

<table><thead>
<tr>
<th>HTTP Verb</th>
<th>Auth Server Support</th>
<th>TLS-MA</th>
<th>HoK</th>
<th>Grant Type</th>
<th>Access Token Scope</th>
</tr>
</thead><tbody>
<tr>
<td><strong>POST /register</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td></td>
<td>N/A</td>
<td>None</td>
</tr>
<tr>
<td><strong>GET /register/{clientID}</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td><i class="icon-check"></i></td>
<td>Client Credentials</td>
<td>cdr:registration</td>
</tr>
<tr>
<td><strong>PUT /register/{clientID}</strong></td>
<td>Required</td>
<td><i class="icon-check"></i></td>
<td><i class="icon-check"></i></td>
<td>Client Credentials</td>
<td>cdr:registration</td>
</tr>
<tr>
<td><strong>DELETE /register/{clientID}</strong></td>
<td>Optional</td>
<td><i class="icon-check"></i></td>
<td><i class="icon-check"></i></td>
<td>Client Credentials</td>
<td>cdr:registration</td>
</tr>
</tbody></table>

<p>Please refer to <a href="#dcr-api">API documentation</a> for further examples</p>

<ul>
<li>During registration management requests, Data Holders must validate the scope of access tokens provided matches </br><code>cdr:registration</code></li>
<li>Registration endpoints will be exposed in the OIDC Discovery Configuration Endpoint, as described in the <a href="https://consumerdatastandardsaustralia.github.io/standards/index.html#end-points">Consumer Data Standards</a></li>
</ul>
<h3 id='put-operations'>PUT Operations</h3>
<p>Registrations must only be updated via Registration PUT operations</p>

<p>PUT operations are to be used for one of two scenarios:</p>

<ol>
<li>The client has updated their registration details on the CDR Register and updates this information to the data holder brands</li>
<li>A new version of the SSA has been released and the client updates this information to the data holder brands</li>
</ol>

<ul>
<li>POST and PUT operations MUST accept the SSA payload.</li>
<li>Any fields the data holder brand does not support are not persisted. However, registration responses must conform to the <a href="#dcr-api">DCR API</a> specification</li>
</ul>
<h2 id='authorisation-server'>Authorisation Server</h2><pre class="highlight plaintext"><code>Non-Normative Example for access token retrieval

HTTP/1.1 POST /token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&amp;
  scope=cdr%3Aregistration&amp;
  client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&amp;
  client_assertion=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEyNDU2In0.ey ...

## Decoded client assertion JWT
{
  "alg": "PS256",
  "typ": "JWT",
  "kid": "12456"
}
{
  "iss": "12345",
  "sub": "12345",
  "iat": 1516239022,
  "exp": 1516239322,
  "aud": "https://www.holder.com.au/token",
  "jti": "37747cd1-c105-4569-9f75-4adf28b73e31"
}

</code></pre><h3 id='token-endpoint-authentication'>Token Endpoint Authentication</h3>
<p>The Accredited Data Recipient MUST use the <code>private_key_jwt client</code> authentication method with the <code>client_credentials</code> grant to authenticate with the Data Holder token endpoint</p>
<h3 id='access-token-separation-of-duties'>Access Token Separation of Duties</h3>
<p>Access tokens issued for consuming CDR Data should not be used for client registration maintenance and vice-versa</p>

<p>ADRs should ensure they only use access tokens with the scope <code>cdr:registration</code> for client registration maintenance tasks and <a href="https://consumerdatastandardsaustralia.github.io/standards/#authorisation-scopes">CDR Authorisation Scopes</a> for consuming CDR data</p>
<h3 id='registration-transaction-security'>Registration Transaction Security</h3>
<p>DCR API endpoints will conform to the same transaction security requirements as Data Holder Resource endpoints
</br>Please refer to the <a href="https://consumerdatastandardsaustralia.github.io/standards/#transaction-security">Consumer Data Standards Transaction Security</a> for Transaction Security details</p>
<h2 id='registration-flows'>Registration Flows</h2>
<p>The following sequence diagrams outline the responsibilities for each party during the dynamic client registration processes.</p>
<h3 id='create-registration'>Create Registration</h3>
<p><img class=medium-image src="images/registration/CreateRegistration1.png" ></img></p>
<h3 id='modify-registration'>Modify Registration</h3>
<p><img class=medium-image src="images/registration/ModifyRegistration1.png" ></img></p>

<p>Software Product Configuration is a manual process performed via the CDR Participant Portal. Information on this process will be provided during onboarding</p>

<p>Registration request details are described at: <a href="#registration-request-using-jwt">registration-request-using-jwt</a></p>
<h1 id='participant-statuses'>Participant Statuses</h1><h2 id='accredited-data-recipient-and-software-product-statuses'>Accredited Data Recipient and Software Product Statuses</h2>
<p>The accreditation status of Accredited Data Recipients, and the status of their associated software products, may traverse through multiple statuses in the CDR as a result of decisions by the ACCC, in its capacity as Data Recipient Accreditor, or where an Accredited Data Recipient surrenders accreditation.</p>

<p>Data Holders will have the responsibility to ensure that CDR data relating to consumers is disclosed to Accredited Data Recipients and to cease sharing data where the accreditation of a data recipient is</p>

<ol>
<li> Suspended or revoked by the ACCC</li>
<li> Surrendered by the Data Recipient</li>
</ol>

<p>The Register will notify all Data Holders of the above changes in Accredited Data Recipient status as per the ACCC’s decisions.</p>
<h3 id='accredited-data-recipient-status'>Accredited Data Recipient Status</h3>
<p><img class=medium-image src="images/ADRStateMachine.png" ></img></p>
<h3 id='software-product-status'>Software Product Status</h3>
<p><img class=medium-image src="images/SoftwareProductStateMachine.png" ></img></p>
<h3 id='status-mapping'>Status Mapping</h3>
<p>When the ACCC Registrar changes the accreditation status for an ADR for any status other than active, the associated Software Products status will be changed accordingly.</p>

<p>The cascading status mappings are as follows:</p>

<table><thead>
<tr>
<th><strong>ADR Status</strong></th>
<th><strong>Cascaded SP Status</strong></th>
</tr>
</thead><tbody>
<tr>
<td>Suspended</td>
<td>Inactive</td>
</tr>
<tr>
<td>Revoked</td>
<td>Removed</td>
</tr>
<tr>
<td>Surrendered</td>
<td>Removed</td>
</tr>
</tbody></table>

<p>These cascaded software product statuses are also catered for in collection arrangements. Please refer to the <a href="#collection-arrangements">Accreditation Status Discovery</a> section for more details.</p>
<h3 id='archiving-entities'>Archiving Entities</h3>
<p>In order to keep the Register APIs efficient and to minimise the amount of metadata traffic, dormant entries will be identified and archived automatically within the CDR Register.</p>

<p>Dormant entries are defined as those records that have reached and maintained an <strong>end state</strong> in the CDR Register for the past <strong>2 years</strong>.</p>

<p>Each entity within the CDR Register can be archived independently of the parent entity. For example, a software product that has been dormant for <strong>2 years</strong> can be archived whilst the brand remains active. However, if a parent entity is archived (Legal Entity / Brand) then all child entities will also be archived.</p>

<p>The table below outlines the end state for each Register entry type:</p>

<table><thead>
<tr>
<th><strong>Register Entity</strong></th>
<th><strong>End State</strong></th>
</tr>
</thead><tbody>
<tr>
<td>Data Holder</td>
<td>Removed</td>
</tr>
<tr>
<td>Data Holder Brand</td>
<td>Removed</td>
</tr>
<tr>
<td>Data Recipient</td>
<td>Surrendered, Revoked</td>
</tr>
<tr>
<td>Data Recipient Brand</td>
<td>Removed</td>
</tr>
<tr>
<td>Data Recipient Software Product</td>
<td>Removed</td>
</tr>
</tbody></table>

<p>When an entry is archived on the Register, the entry will no longer appear in the output of the Register APIs by default. The archived records will still be accessible, if needed, by providing a query string parameter <code>include-archived=true</code> on the request.</p>
<h2 id='data-holder-responsibilities'>Data Holder Responsibilities</h2>
<p></br>The ACCC Registrar has the ability to change the status of a Software Product independently of the ADR accreditation status. Therefore, both the ADR and Software Product statuses should be referenced, to determine the Data Holder&#39;s responsibilities for data disclosure, consent and registration management
&#39;</p>

<table><thead>
<tr>
<th><strong>ADR Status</strong></th>
<th><strong>SP Status</strong></th>
<th><strong>Disclose of CDR Data</strong></th>
<th><strong>Facilitate Consent Authorisation</strong></th>
<th><strong>Facilitate Consent Withdrawal</strong></th>
<th><strong>Invalidate Consents</strong></th>
<th><strong>Cleanup Registration</strong></th>
</tr>
</thead><tbody>
<tr>
<td>Active</td>
<td>Active</td>
<td><i class="icon-check"></i></td>
<td><i class="icon-check"></i></td>
<td><i class="icon-check"></i></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Active</td>
<td>Inactive</td>
<td></td>
<td></td>
<td><i class="icon-check"></i></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Active</td>
<td>Removed</td>
<td></td>
<td></td>
<td></td>
<td><i class="icon-check"></i></td>
<td><i class="icon-check"></i></td>
</tr>
<tr>
<td>Suspended</td>
<td>Inactive</td>
<td></td>
<td></td>
<td><i class="icon-check"></i></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Suspended</td>
<td>Removed</td>
<td></td>
<td></td>
<td></td>
<td><i class="icon-check"></i></td>
<td><i class="icon-check"></i></td>
</tr>
<tr>
<td>Revoked</td>
<td>Removed</td>
<td></td>
<td></td>
<td></td>
<td><i class="icon-check"></i></td>
<td><i class="icon-check"></i></td>
</tr>
<tr>
<td>Surrendered</td>
<td>Removed</td>
<td></td>
<td></td>
<td></td>
<td><i class="icon-check"></i></td>
<td><i class="icon-check"></i></td>
</tr>
</tbody></table>

<ul>
<li>Disclosure of CDR data MUST be in response to valid requests in accordance with the CDR rules and standards</li>
<li>The status of an Accredited Data Recipient Brand does not impact Data Holder responsibilities due to the cascade rules outlined above</li>
<li>When an Accredited Data Recipient status is Suspended, Revoked or Surrendered the Software Product status cannot be Active</li>
<li>Invalidation of consents and cleanup of registrations are bulk operations. It is reasonable to execute these as batch tasks performed overnight</li>
</ul>
<h2 id='metadata-cache-management'>Metadata Cache Management</h2>
<p>Data Holders are required to be able to react to Data Recipient and associated Software Statuses changes within <strong>5 minutes</strong> of the change occuring on the CDR Register</p>

<p>To achieve this, Data Holders can poll the <a href="#getdatarecipientsstatus">GetDataRecipientsStatus</a>, <a href="#getsoftwareproductsstatus">GetSoftwareProductsStatus</a> and <a href="#getdatarecipients">GetDataRecipients</a> APIs to retrieve the current statuses and cache these for use during requests for Consumer Data</p>

<p>Data Holders will need to choose a frequency of polling which ensures their systems can respond to status changes within the required timeframe</p>

<p>Data Holders and Data Recipients will be required to cache all other participant data they use and periodically update this cache using a slow poll. This ensures that changes to participant configuration propagates throughout the ecosystem in a predictable timeframe</p>
<h3 id='cache-update-periods'>Cache update periods</h3>
<p>The following are the recommended caching times for data retrieved from the Register APIs.</p>

<table><thead>
<tr>
<th>API</th>
<th>Type</th>
<th>Period</th>
</tr>
</thead><tbody>
<tr>
<td><strong>GetDataRecipientsStatus</strong></td>
<td>Public</td>
<td>2-5 minutes</td>
</tr>
<tr>
<td><strong>GetSoftwareProductsStatus</strong></td>
<td>Public</td>
<td>2-5 minutes</td>
</tr>
<tr>
<td><strong>GetDataRecipients (statuses)</strong></td>
<td>Public</td>
<td>2-5 minutes</td>
</tr>
<tr>
<td><strong>GetDataRecipients (other data)</strong></td>
<td>Public</td>
<td>6 hours</td>
</tr>
<tr>
<td><strong>GetDataHolderBrands</strong></td>
<td>Private</td>
<td>6 hours</td>
</tr>
</tbody></table>
<h2 id='etag-support'>ETag Support</h2>
<p>All <strong>public</strong> APIs are hosted on a CDN supporting ETag cache validators. ETags can be utilised to detect whether the content has changed.</p>

<p>Further information on the usage of <code>ETag</code> and the associated <code>If-None-Match</code> headers can be found at: <a href="https://docs.microsoft.com/en-au/azure/cdn/cdn-how-caching-works">https://docs.microsoft.com/en-au/azure/cdn/cdn-how-caching-works</a></p>
<h3 id='change-detection-using-etags'>Change detection using ETags</h3>
<p>Clients polling the CDN hosted APIs specifying the <code>ETag</code> header can rely on the <code>304 Not Modified</code> response to indicate no changes have occurred since the previous poll.</p>

<p><img class=small-image src="images/status/DataHolderPollingWithETags.png" ></img></p>
<h2 id='checking-request-validity'>Checking Request Validity</h2><h3 id='request-for-disclosure-of-cdr-data-checking-validity-of-accredited-data-recipient-and-associated-software-product'>Request for Disclosure of CDR Data: Checking Validity of Accredited Data Recipient and associated Software Product</h3>
<p><img src="images/ChecksForDhToShareData.png" ></img>
<em>Pre-requisites: SSL connection has been established between all parties and Data Recipient has been issued an access token</em></p>
<h3 id='request-for-consent-withdrawal-checking-validity-of-accredited-data-recipient-and-associated-software-product'>Request for Consent Withdrawal: Checking Validity of Accredited Data Recipient and associated Software Product</h3>
<p><img src="images/ChecksForDhToWithdrawConsent.png" ></img>
<em>Pre-requisites: SSL connection has been established between all parties</em></p>

<p>Data recipients authenticate data holders using JWKS specified in <a href="#getdataholderbrands">data holder brands discovery APIs</a>.</p>
<h2 id='status-changes'>Status Changes</h2><h3 id='adr-active'>ADR Active</h3>
<p>Once a Data Recipient has been granted accreditation by the ACCC (as Data Recipient Accreditor) and has completed the necessary steps to be added to the Register (as specified in the rules), the following actions and responsibilities will arise:</p>

<ol>
<li> The Registrar will issue the Accredited Data Recipient all <a href="#certificate-management">required certificates</a></br></li>
<li> The Accredited Data Recipient&#39;s status will be set to <strong>&#39;active&#39;</strong></br></li>
<li> The Accredited Data Recipient will be able to register their Software Products with Data Holders within the ecosystem</li>
<li> The Data Holder&#39;s responsibilities with this active Data Recipient are outlined at <a href="#data-holder-responsibilities">Data Holder Responsibilities</a></br></li>
</ol>
<h3 id='adr-suspended'>ADR Suspended</h3>
<p>Where the ACCC (as Data Recipient Accreditor) has made a decision to suspend the accreditation of an Accredited Data Recipient, and has notified the decision to the Registrar the following actions and responsibilities will arise:</p>

<ol>
<li> The Registrar will update the CDR Register to change the Accredited Data Recipient&#39;s status to <strong>&#39;suspended&#39;</strong> and status of all associated Software Products to <strong>&#39;inactive&#39;</strong></li>
<li> The Data Holder will identify the change in status of the Data Recipient and associated Software Products during its next poll within the required timeframe</li>
<li> The Data Holder&#39;s responsibilities with this suspended Data Recipient are outlined at <a href="#data-holder-responsibilities">Data Holder Responsibilities</a></br></li>
</ol>
<h3 id='adr-reactivated-from-suspension'>ADR Reactivated from Suspension</h3>
<p>An Accredited Data Recipient can move from the suspended status back to the active status when a suspension expires or is revoked by the ACCC (as Data Recipient Accreditor). Once this has occurred, the following actions and responsibilities are:</p>

<ol>
<li> The Registrar will update the CDR Register to change the Data Recipient&#39;s status to <strong>&#39;active&#39;</strong></li>
<li> The Data Holder will identify the change in status of the Data Recipient during its next poll within the required timeframe</li>
<li> The Data Holder&#39;s responsibilities with this reactivated Data Recipient are outlined at <a href="#data-holder-responsibilities">Data Holder Responsibilities</a></br></li>
<li> Software Products for the associated Data Recipient will only be reactivated on a case by case basis</li>
</ol>
<h3 id='adr-revoked'>ADR Revoked</h3>
<p>Where the ACCC (as Data Recipient Accreditor) has made a decision to revoke the accreditation of an Accredited Data Recipient, and has notified the decision to the Registrar, the following actions and responsibilities will arise:</p>

<ol>
<li> The Registrar will revoke Accredited Data Recipient&#39;s <a href="#certificate-management">certificates</a></li>
<li> The Registrar will update the CDR Register to change the Accredited Data Recipient&#39;s status to <strong>&#39;revoked&#39;</strong> and status of all associated Software Products to <strong>&#39;inactive&#39;</strong></li>
<li> Once the appeals timeframe has been exceeded, Software Products will be moved to the <strong>&#39;removed&#39;</strong> status</li>
<li> The Data Holder will identify the change in status of the Data Recipient and associated Software Products during its next poll within the required timeframe</li>
<li> The Data Holder&#39;s responsibilities with this revoked Data Recipient are outlined at <a href="#data-holder-responsibilities">Data Holder Responsibilities</a></br></li>
</ol>
<h3 id='adr-reactivated-from-revoked'>ADR Reactivated from Revoked</h3>
<p>An Accredited Data Recipient can move from the revoked status back to the active status. Once this has occurred, the following actions and responsibilities are:</p>

<ol>
<li> The Registrar will reissue the Accredited Data Recipient all <a href="#certificate-management">required certificates</a></br></li>
<li> The Registrar will update the CDR Register to change the Data Recipient&#39;s status to <strong>&#39;active&#39;</strong></li>
<li> The Data Holder will identify the change in status of the Data Recipient during its next poll within the required timeframe</li>
<li> The Data Holder&#39;s responsibilities with this reactivated Data Recipient are outlined at <a href="#data-holder-responsibilities">Data Holder Responsibilities</a></br></li>
</ol>
<h3 id='adr-surrendered'>ADR Surrendered</h3>
<p>Where an Accredited Data Recipient has surrendered their accreditation, and the Data Recipient Accreditor has notified the Registrar of the surrender, the following actions and responsibilities will arise:</p>

<ol>
<li> The Registrar will revoke Accredited Data Recipient&#39;s <a href="#certificate-management">certificates</a></li>
<li> The Registrar will update the CDR Register to change the Accredited Data Recipient&#39;s status to <strong>&#39;surrendered&#39;</strong> and status of all associated Software Products to <strong>&#39;removed&#39;</strong></li>
<li> The Data Holder will identify the change in status of the Data Recipient and associated Software Products during its next poll within the required timeframe</li>
<li> The Data Holder&#39;s responsibilities with this surrendered Data Recipient and associated Software Products are outlined at <a href="#data-holder-responsibilities">Data Holder Responsibilities</a></br></li>
</ol>
<h3 id='new-adr-software-product-active'>New ADR Software Product Active</h3>
<p>Once an Accredited Data Recipient has completed the necessary steps to add a new Software Product to the Register, the following actions and responsibilities will arise:</p>

<ol>
<li> The Software Product status will be set to <strong>&#39;active&#39;</strong></li>
<li> The Accredited Data Recipient will be able to register this Software Product with Data Holders within the ecosystem</li>
<li> The Data Holder&#39;s responsibilities with this active ADR Software Product are outlined at <a href="#data-holder-responsibilities">Data Holder Responsibilities</a></br></li>
</ol>
<h3 id='adr-software-product-deactivated'>ADR Software Product Deactivated</h3>
<p>Where the ACCC (as Data Recipient Accreditor) has made a decision to deactivate the status of an Accredited Data Recipient’s Software Product, and has notified the decision to the Registrar the following actions and responsibilities will arise:</p>

<ol>
<li> The Registrar will update the CDR Register to change the Software Product’s status to <strong>&#39;inactive&#39;</strong></li>
<li> The Data Holder will identify the change in status of the Software Product during its next poll within the required timeframe</li>
<li> The Data Holder&#39;s responsibilities with this deactivated ADR Software Product are outlined at <a href="#data-holder-responsibilities">Data Holder Responsibilities</a></br></li>
</ol>
<h3 id='adr-software-product-reactivated'>ADR Software Product Reactivated</h3>
<p>A Software Product can move from the inactive status back to the active status where a suspension expires or is revoked by the ACCC (as Data Recipient Accreditor). Once this has occurred, the following actions and responsibilities are:</p>

<ol>
<li> The Registrar will update the CDR Register to change the Software Product’s status to <strong>&#39;active&#39;</strong></li>
<li> The Data Holder will identify the change in status of the Software Product during its next poll within the required timeframe</li>
<li> The Data Holder&#39;s responsibilities with this reactivated ADR Software Product are outlined at <a href="#data-holder-responsibilities">Data Holder Responsibilities</a></br></li>
</ol>
<h3 id='adr-software-product-removed'>ADR Software Product Removed</h3>
<p>Where the ACCC (as Data Recipient Accreditor) has made a decision to revoke the status of an Accredited Data Recipient’s Software Product, and has notified the decision to the Registrar, the following actions and responsibilities will arise:</p>

<ol>
<li> The Registrar will update the CDR Register to change the Software Product’s status to <strong>&#39;removed&#39;</strong></li>
<li> The Data Holder will identify the change in status of the Software Product during its next poll within the required timeframe</li>
<li> The Data Holder&#39;s responsibilities with this removed ADR Software Product are outlined at <a href="#data-holder-responsibilities">Data Holder Responsibilities</a></br></li>
</ol>
<h3 id='data-holder-status-change'>Data Holder Status Change</h3>
<p>Rules regarding Data Holder off-boarding and revocation have not yet been provided. Updates to this design will be added once the rules have been defined.</p>
<h2 id='cache-refresh-metadata-request'>Cache Refresh Metadata Request</h2>
<aside class="notice">
The following design for the Cache Refresh in response to a Metadata Update Request will be considered for a future iteration of the Register design.
</aside>

<p>To facilitate the Metadata update requests, Data Holders will need to implement the Admin endpoint as per CDS standard: <a href="https://consumerdatastandardsaustralia.github.io/standards/#admin-apis">https://consumerdatastandardsaustralia.github.io/standards/#admin-apis</a></p>

<p>This endpoint exposes functionality for the ACCC to request participants to refresh their caches.
Cache refreshes may be requested in the following scenarios:</p>

<ol>
<li> A new Data Holder Brand becomes active</li>
<li> A new Accredited Data Recipient Software Product becomes active</li>
<li> A Data Holder Brand has been removed from the CDR</li>
<li> An Accredited Data Recipient Software Product has been deactivated or removed from the CDR Register</li>
<li> An Accredited Data Recipient has been surrendered, suspended or revoked from the CDR</li>
</ol>
<h3 id='data-holder-caching-of-accredited-data-recipients-software-product-metadata'>Data Holder Caching of Accredited Data Recipients Software Product Metadata</h3>
<p><img src="images/status/DataHolderMetadataRefresh.png" ></img></p>
<h2 id='refusal-to-disclose'>Refusal To Disclose</h2>
<p>Currently under the CDR rules, Data Holders within the CDR ecosystem can refuse to disclose CDR data in response to valid requests from Accredited Data Recipients.</p>

<p>See <a href="https://www.legislation.gov.au/Series/F2020L00094">CDR Rules Compliation 3</a> Part 4 Division 4.2, Subdivision 4.2.4 Rule 4.7.</p>
<h1 id='security-profile'>Security Profile</h1><h2 id='overview'>Overview</h2>
<p>The security profile of the CDR Register follows the conventions defined by the <a href="https://consumerdatastandardsaustralia.github.io/standards/#security-profile">Consumer Data Standards Security Profile</a></p>

<ol>
<li><p>The CDR Register Secured APIs will use <code>Mutual Authentication TLS</code> <strong>[MTLS]</strong> as the transport security and the OIDC </br><code>client_credentials</code> grant type authentication</p></li>
<li><p>The CDR Register unsecured APIs will use <strong>[TLS]</strong> as the transport security with no authentication requirements</p></li>
<li><p>All client and server certificates are generated by the CDR Register certificate authority to facilitate this transport. Please see the <a href="#certificate-management">Certificate Management section</a> for further details</p></li>
<li><p>The Client Authentication method to be used by ADRs to the CDR Register will use <code>private_key_jwt</code> for procuring access tokens</p></li>
</ol>

<p>Please refer to the <a href="https://consumerdatastandardsaustralia.github.io/standards/#security-profile">Consumer Data Standards Security Overview</a> for Symbols and Abbreviated Terms</p>
<h2 id='register-endpoints'>Register Endpoints</h2>
<p>The CDR Register exposes an OIDC Configuration Endpoint with associated JWKS and token endpoints to faciliate issuance of access tokens to consume the protected Register APIs.</p>

<blockquote>
<p>Retrieve CDR Register OIDC Discovery Endpoint</p>
</blockquote>
<pre class="highlight plaintext"><code>GET /.well-known/openid-configuration HTTP/1.1
Host: cdr.register

## Response
{
    "issuer": "https://cdr.register/idp",
    "jwks_uri": "https://cdr.register/idp/.well-known/openid-configuration/jwks",
    "token_endpoint": "https://cdr.register/idp/connect/token",
    "claims_supported": ["sub"],
    "id_token_signing_alg_values_supported": ["PS256"],
    "subject_types_supported": ["public"],
    "scopes_supported": ["cdr-register:bank:read"],
    "response_types_supported": ["token"],
    "grant_types_supported": ["client_credentials"],
    "token_endpoint_auth_methods_supported": ["private_key_jwt"],
    "tls_client_certificate_bound_access_tokens": true,
    "request_object_signing_alg_values_supported": ["PS256"]
}

</code></pre><h3 id='retrieving-access-token'>Retrieving Access Token</h3>
<p><img class=medium-image src="images/RetrieveAccessToken.png" ></img></p>
<h2 id='client-authentication'>Client Authentication</h2>
<blockquote>
<p>Request CDR Register Access Token</p>
</blockquote>
<pre class="highlight plaintext"><code>POST /token HTTP/1.1
Host: cdr.register
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&amp;
  client_id=&lt;brand id&gt; OR &lt;software product id&gt; &amp;
  client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&amp;
  client_assertion=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEyNDU2In0.ey ...&amp;
  scope=cdr-register%3Abank%3Aread

## Decoded client assertion JWT
{
  "alg": "PS256",
  "typ": "JWT",
  "kid": "b50641343f8f4717a4865d238b6297b8"
}
{
  "iss": "&lt;brand id&gt; OR &lt;software product id&gt;",
  "sub": "&lt;brand id&gt; OR &lt;software product id&gt;",
  "exp": 1516239322,
  "aud": "https://cdr.register/idp/connect/token",
  "jti": "37747cd1-c105-4569-9f75-4adf28b73e31"
}


## Response
{
    "access_token": "eyJhbGciOiJQUz...",
    "expires_in": 7200,
    "token_type": "Bearer",
    "scope": "cdr-register:bank:read openid"
}
</code></pre>
<p>Please refer to the <a href="https://consumerdatastandardsaustralia.github.io/standards/#client-authentication">Consumer Data Standard</a> for reference to the client authentication methods from the CDR Register to participants.</p>
<h3 id='client-authentication-with-the-cdr-register'>Client Authentication with the CDR Register</h3>
<p>Interactions with the CDR Register uses the <code>private_key_jwt</code> client authentication method as specified at <a href="https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication">section 9</a> of <strong>[OIDC]</strong>. This maintains alignment with the <a href="https://consumerdatastandardsaustralia.github.io/standards/#client-authentication">Consumer Data Standards</a></p>
<h3 id='cdr-register-access-token-request-using-client-authentication'>CDR Register Access Token Request using Client Authentication</h3>
<ul>
<li><p>The CDR Register MUST support the authentication of the Data Recipients using the <code>private_key_jwt</code> client authentication method</p></li>
<li><p>CDR Register public keys MUST only be obtained from the exposed endpoint exposed for this purpose.</p></li>
</ul>

<p>As per the <a href="https://consumerdatastandardsaustralia.github.io/standards/#client-authentication">Consumer Data Standards</a>, While <strong>[MTLS]</strong> is utilised for transaction security and as a Holder of Key mechanism the PKI Mutual TLS OAuth Client Authentication Method SHALL NOT be supported as the mechanism for client authentication.</p>

<ol>
<li>Access Token will be requested as per the Assertion Framework for OAuth2 Client Authentication profile</li>
<li>Data Holder and Data Recipient public keys are retrieved from the CDR Register</li>
<li>Refresh tokens will not be provided for grant_type <code>client_credentials</code></li>
<li> The JWT must contain the following Claim Values :</li>
</ol>

<ul>
<li>  <code>iss</code>: REQUIRED. Issuer. This MUST contain the <code>Data Recipient Brand ID</code> OR <code>Software Product ID</code> issued by the CDR Register</li>
<li>  <code>sub</code>: REQUIRED. Subject. This MUST contain the <code>Data Recipient Brand ID</code> OR <code>Software Product ID</code> issued by the CDR Register</li>
<li>  <code>aud</code>: REQUIRED. Audience. The URL of the end point being invoked</li>
<li>  <code>exp</code>: REQUIRED. Expiration time on or after which the JWT MUST NOT be accepted for processing</li>
<li>  <code>jti</code>: REQUIRED. JWT ID. A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once.</li>
</ul>

<p>When invoking the protected end point, the assertion MUST be sent with the <code>POST</code> method and MUST include the following parameters:</p>

<ul>
<li>  <code>grant_type</code>: This MUST be set to <code>client_credentials</code></li>
<li>  <code>client_id</code>: This MUST be set to the ID of the calling client <code>Data Recipient Brand ID</code> OR <code>Software Product ID</code></li>
<li>  <code>client_assertion_type</code>: This MUST be set to: <code>urn:ietf:params:oauth:client-assertion-type:jwt-bearer</code></li>
<li>  <code>client_assertion</code>: This MUST be set to the digitally signed JWT</li>
</ul>
<h3 id='identifiers'>Identifiers</h3>
<p><code>client_id</code>, <code>sub</code> and where appropriate <code>iss</code>, are expected to contain the unique identifier for the client.<br>
The following client identifiers will be used:</p>

<table><thead>
<tr>
<th>Client</th>
<th>Scenario</th>
<th>Identifier</th>
</tr>
</thead><tbody>
<tr>
<td><strong>Software Product</strong></td>
<td>Calls to Data Holder Brand Authenticated APIs</td>
<td><code>Client ID</code> as issued by the target Data Holder Brand</td>
</tr>
<tr>
<td><strong>Data Recipient Brand / Software Product</strong></td>
<td>Calls to <a href="#consumer-data-right-cdr-register-apis">CDR Register Authenticated APIs</a></td>
<td><code>Data Recipient Brand ID</code> or <code>Software Product ID</code> as issued by CDR Register</td>
</tr>
<tr>
<td><strong>Data Holder Brand</strong></td>
<td>Calls to Data Recipient <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">Revocation</a> and <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">CDR Arrangement Management</a> APIs</td>
<td><code>Data Holder Brand ID</code> as issued by CDR Register</td>
</tr>
</tbody></table>

<ul>
<li><em><code>Data Recipient Brand ID</code> as a client identifier will be deprecated in a future version of the CDR Register design and is currently retained for backwards compatibility</em></li>
</ul>
<h2 id='transaction-security'>Transaction Security</h2>
<p>Please refer to the <a href="https://consumerdatastandardsaustralia.github.io/standards/#transaction-security">Consumer Data Standards Transaction Security</a> for Transaction Security details</p>
<h2 id='participant-endpoints'>Participant Endpoints</h2>
<blockquote>
<p>OIDC Discovery Configuration Endpoint</p>
</blockquote>
<pre class="highlight plaintext"><code>&lt;InfoSecBaseUri&gt;/.well-known/openid-configuration

</code></pre>
<p>Participants will be required to register base URIs against each of their brands to facilitate the implementation of the Consumer Data Standards</p>

<table><thead>
<tr>
<th>Base URI</th>
<th>DH Brand</th>
<th>ADR Brand</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td><strong>PublicBaseUri</strong></td>
<td><i class="icon-check"></i></td>
<td></td>
<td>Base URI for the Consumer Data Standard public endpoints. This should encompass all endpoints not requiring authentication</td>
</tr>
<tr>
<td><strong>ResourceBaseUri</strong></td>
<td><i class="icon-check"></i></td>
<td></td>
<td>Base URI for the Consumer Data Standard resource endpoints. This should encompass all CDS resource endpoints requiring authentication</td>
</tr>
<tr>
<td><strong>InfoSecBaseUri</strong></td>
<td><i class="icon-check"></i></td>
<td></td>
<td>Base URI for the Consumer Data Standard InfoSec endpoints. This provides ADRs reference to the <a href="https://openid.net/specs/openid-connect-discovery-1_0.html">OIDC Discovery Endpoint</a></td>
</tr>
<tr>
<td><strong>AdminBaseUri</strong></td>
<td><i class="icon-check"></i></td>
<td></td>
<td>Base URI for the Consumer Data Standard admin endpoints called by the CDR Register</td>
</tr>
<tr>
<td><strong>ExtensionBaseUri</strong></td>
<td><i class="icon-check"></i></td>
<td></td>
<td>Base URI for the Data Holder extension endpoints to the Consumer Data Standard <strong>(optional)</strong></td>
</tr>
<tr>
<td><strong>RevocationUri</strong></td>
<td></td>
<td><i class="icon-check"></i></td>
<td>Used for consent withdrawal notification from a Data Holder and is populated in the <a href="#dynamic-client-registration">SSA</a></td>
</tr>
<tr>
<td><strong>RecipientBaseUri</strong></td>
<td></td>
<td><i class="icon-check"></i></td>
<td>Base URI for the Consumer Data Standard Data Recipient endpoints. </br>This should be the base to provide reference to <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">Data Recipient Endpoints</a></td>
</tr>
<tr>
<td><strong>JwksUri</strong></td>
<td><i class="icon-check"></i></td>
<td><i class="icon-check"></i></td>
<td><strong>DH:</strong> Used for client authentication for DH -&gt; ADR communication and is populated in the <a href="#getdataholderbrands">GetDataHolderBrands API</a></br> <strong>ADR:</strong> Used for client authentication for ADR -&gt; DH &amp; Register communication and is populated in the <a href="#dynamic-client-registration">SSA</a></td>
</tr>
</tbody></table>
<h2 id='jwks-cache-management'>JWKS Cache Management</h2>
<p><code>JWKS_URI</code> clients are expected to cache and refresh JWKS periodically as key sets will change over time due to key rotation.</p>

<p>Key rotation is expected for the following scenarios:</p>

<ol>
<li><code>JWKS_URI</code> owner rotates key on a regular basis as a security hygiene task</li>
<li><code>JWKS_URI</code> owner rotates key due to a compromised key</li>
</ol>

<p>It is recommended that the upper bound is constrained to <strong>15 minutes</strong> with an additional recommendation that timeout period be configurable (not hard coded) to cater for the case where the timeout needs to change due to a threat or breach.</p>
<h2 id='certificate-management'>Certificate Management</h2><h3 id='issued-by-accc-ca-for-data-holders'>Issued by ACCC CA for Data Holders</h3>
<table><thead>
<tr>
<th>Certificate</th>
<th>Function</th>
<th>Notes</th>
</tr>
</thead><tbody>
<tr>
<td><strong>Server Certificate(s)</strong></td>
<td>Certificate is issued to a FQDN</br></br>Secures the following:</br>- Resource endpoints</br>- InfoSec endpoints</br>- Admin endpoints</td>
<td>It will be up to the DH on how these endpoints are</br>segregated. They may all be on the one domain</br>(so only one certificate required) or could be separated</td>
</tr>
</tbody></table>
<h3 id='issued-by-accc-ca-for-accredited-data-recipients'>Issued by ACCC CA for Accredited Data Recipients</h3>
<table><thead>
<tr>
<th>Certificate</th>
<th>Function</th>
<th>Notes</th>
</tr>
</thead><tbody>
<tr>
<td><strong>Client Certificate</strong></td>
<td>Secures the following:</br>- Consuming Register APIs</br>- Consuming Data Holder APIs</td>
<td></td>
</tr>
<tr>
<td><strong>Server Certificate(s)</strong></td>
<td>Certificate is issued to a FQDN</br></br>Secures the following:</br>- Revocation endpoint </br>- CDR Arrangement Management endpoint </br>- JWKS endpoint</td>
<td>ADRs may choose to secure their <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">endpoints</a> </br> with an ACCC CA issued certificate or a certificate </br>issued by a public CA</td>
</tr>
</tbody></table>

<p><a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">CDR Arrangement Management Endpoint</a> is a requirement from <strong>November 2020</strong></p>
<h3 id='cdr-certificate-authority'>CDR Certificate Authority</h3>
<p><a href="https://www.digicert.com">DigiCert</a> acts as the certificate authority that issues and manages certificates to CDR participants as directed by the ACCC in its capacity as the CDR Registrar</p>
<h3 id='certificate-trust-model'>Certificate Trust Model</h3>
<p>The CDR utilises a private certificate trust chain for all ACCC CA secured endpoints being hosted by <a href="#participant-endpoints">Data Holders</a>, <a href="#participant-endpoints">Data Recipients</a> and the <a href="#consumer-data-right-cdr-register-apis">CDR Register</a>.</p>

<p>This trust chain encompasses a set of root and intermediate CAs issued for the test and production environments</p>

<table><thead>
<tr>
<th></th>
<th></th>
</tr>
</thead><tbody>
<tr>
<td><strong>Test Environment</strong></td>
<td><a href="certificates/test/ca_root_test.cer">CA Root Test</a></br><a href="certificates/test/ca_intermediate_test.cer">CA Intermediate Test</a></td>
</tr>
<tr>
<td></td>
<td></td>
</tr>
<tr>
<td><strong>Production Environment</strong></td>
<td><a href="certificates/production/ca_root_prod.cer">CA Root Production</a></br><a href="certificates/production/ca_intermediate_prod.cer">CA Intermediate Production</a></td>
</tr>
</tbody></table>
<h3 id='certificate-signing-request-profile'>Certificate Signing Request Profile</h3>
<p>When requesting ACCC CA certificates, certificate signing requests will need to be provided, conforming to the following profile:</p>

<table><thead>
<tr>
<th>CSR Field</th>
<th>Server</th>
<th>Client</th>
</tr>
</thead><tbody>
<tr>
<td><strong>Common Name</strong></td>
<td>Primary DNS Name</br><em>e.g. api1.test.entity.com</em></td>
<td>Software Product Name OR </br>Brand Name</td>
</tr>
<tr>
<td><strong>SAN (Optional)</strong></td>
<td>Secondary DNS Name(s) </br><em>e.g. api2.test.entity.com</em></td>
<td>N/A</td>
</tr>
<tr>
<td><strong>Organization</strong></td>
<td>Brand Name (Legal Entity Name)</td>
<td>Brand Name (Legal Entity Name)</td>
</tr>
<tr>
<td><strong>Organizational Unit</strong></td>
<td>Consumer Data Right</td>
<td>Consumer Data Right</td>
</tr>
<tr>
<td><strong>Country</strong></td>
<td>Country of participant</br><em>e.g. AU</em></td>
<td>Country of participant</br><em>e.g. AU</em></td>
</tr>
<tr>
<td><strong>Signature Algorithm</strong></td>
<td>SHA256</td>
<td>SHA256</td>
</tr>
<tr>
<td><strong>Key Algorithm</strong></td>
<td>RSA</td>
<td>RSA</td>
</tr>
<tr>
<td><strong>Key Size</strong></td>
<td>2048</td>
<td>2048</td>
</tr>
</tbody></table>

<p>Please refer to the <a href="https://www.accc.gov.au/focus-areas/consumer-data-right-cdr-0/on-boarding-guide">onboarding guide</a> for further information on certificate issuance</p>
<h3 id='certificate-usage'>Certificate Usage</h3>
<p>Further details on ACCC CA issued certificates can be found in the <a href="https://www.cdr.gov.au/sites/default/files/2020-12/CDR%20-%20ACCC%20Certification%20practice%20statement.pdf">ACCC Certificate Practice Statement V1.0</a></p>
<h3 id='certificate-validation'>Certificate Validation</h3>
<p>The Certificate Practice Statement provides details for DigiCert&#39;s certificate validation requirements and a summary has been provided in the CDR Support Portal article: <a href="https://cdr-support.zendesk.com/hc/en-us/articles/900005826963-Certificate-Validation">Certificate Validation</a></p>

<p>To summarise, certificate validation must check:</p>

<p><strong>1. Checking for certificate validity</strong></p>

<p>Verify private key signature is mathematically linked to the presented public key certificate, presented certificate identifies trusted User/Application and/or Service and certificate is both valid and not revoked</p>

<p><strong>2. Issuer‐to‐subject name chaining</strong></p>

<p>Signatures from Issuing CA’s and associated CA public key certificates are trusted, valid and not revoked</p>

<p><strong>3. Policy and key use constraints</strong></p>

<p>Each certificate has the applicable and appropriate x.509 certificate extensions, e.g. CA and CRL signing, Digital Signing, Client and Server Authentication, etc</p>

<p><strong>4. Revocation Status</strong></p>

<p>Status is checked through Certificate Revocation Lists (CRL) or Online Certificate Status Protocol (OCSP) responders, identified in each certificate in the chain.</p>
<h3 id='ocsp-stapling'>OCSP stapling</h3>
<p>The use of OCSP Stapling within the CDR ecosystem is not currently recommended.</p>
<h1 id='availability'>Availability</h1>
<p>The following scenarios outline the expectations of Data Holders and Accredited Data Recipients within the Consumer Data Right ecosystem when outages occur</p>

<p>Note that a section on <a href="#backoff-patterns">backoff patterns</a> has been provided  outlining recommendations on how to poll endpoints during an outage</p>
<h2 id='cdn-hosted-endpoints'>CDN Hosted Endpoints</h2>
<p>The CDR Register utilises a CDN to host its public APIs. During CDR Register outages, participants are still to rely on the CDN copies of these endpoints. If the CDN is no longer available, participants will be expected to rely on their <a href="#cache-refresh-metadata-request">caches</a></p>

<table><thead>
<tr>
<th>Endpoint</th>
<th>Public (CDN Hosted)</th>
</tr>
</thead><tbody>
<tr>
<td><strong>GetDataHolderBrands</strong></td>
<td></td>
</tr>
<tr>
<td><strong>GetSoftwareStatementAssertion</strong></td>
<td></td>
</tr>
<tr>
<td><strong>GetSoftwareProductsStatus</strong></td>
<td><i class="icon-check"></i></td>
</tr>
<tr>
<td><strong>GetDataRecipientsStatus</strong></td>
<td><i class="icon-check"></i></td>
</tr>
<tr>
<td><strong>GetDataRecipients</strong></td>
<td><i class="icon-check"></i></td>
</tr>
</tbody></table>
<h2 id='cdr-register-unavailable'>CDR Register Unavailable</h2>
<table><thead>
<tr>
<th></th>
<th></th>
</tr>
</thead><tbody>
<tr>
<td><strong>Result</strong></td>
<td>Data Holders will not be able to communicate with the CDR Register</td>
</tr>
<tr>
<td><strong>Impact</strong></td>
<td>Data Holders will not be able to maintain up-to-date status information of Data Recipients and Software Products</td>
</tr>
<tr>
<td><strong>Impact</strong></td>
<td>Data Holders will not be able to detect when new Data Recipients and/or associated Software Products enter the ecosystem</td>
</tr>
<tr>
<td><strong>Expectation</strong></td>
<td>- It is not expected that the status of an ADR or Software Product will change when the CDR Register or CDN is unavailable, or the introduction of new ADRs<br>- Data Holders will continue to operate until informed by ACCC Operations that consumer data will not be shared<br>- Once the CDR Register becomes available, all Data Holders will retrieve up-to-data status information on their next poll</td>
</tr>
</tbody></table>

<table><thead>
<tr>
<th></th>
<th></th>
</tr>
</thead><tbody>
<tr>
<td><strong>Result</strong></td>
<td>Data Recipients will not be able to communicate with the CDR Register</td>
</tr>
<tr>
<td><strong>Impact</strong></td>
<td>Data Recipients will not be able to retrieve SSAs, therefore, won&#39;t be able to register with any Data Holders</td>
</tr>
<tr>
<td><strong>Impact</strong></td>
<td>Data Recipients will not be able to detect when new Data Holders enter the ecosystem</td>
</tr>
<tr>
<td><strong>Expectation</strong></td>
<td>Data Recipients will need to wait until the CDR Register becomes available to register with a Data Holder</td>
</tr>
</tbody></table>
<h2 id='certificate-authority-unavailable'>Certificate Authority Unavailable</h2>
<table><thead>
<tr>
<th></th>
<th></th>
</tr>
</thead><tbody>
<tr>
<td><strong>Result</strong></td>
<td>OCSP services will not be available</td>
</tr>
<tr>
<td><strong>Impact</strong></td>
<td>Participants will not be able to verify the status of CA certificates</td>
</tr>
<tr>
<td><strong>Expectation</strong></td>
<td>- Participants will honour cached Certificate statuses from previous OCSP checks. <br>- Once cached certificate statuses have expired, data sharing will stop<br>It can be expected that CA certificate statuses will not change while the CA is unavailable<br>- Once the CA becomes available, certificate statuses are again updated through OCSP</td>
</tr>
</tbody></table>
<h2 id='data-recipient-unavailable'>Data Recipient Unavailable</h2>
<table><thead>
<tr>
<th></th>
<th></th>
</tr>
</thead><tbody>
<tr>
<td><strong>Result</strong></td>
<td>Data Holders will not be able to communicate with the Accredited Data Recipient</td>
</tr>
<tr>
<td><strong>Impact</strong></td>
<td>Data Holders will not be able to inform the ADR that consent has been withdrawn</td>
</tr>
<tr>
<td><strong>Expectation</strong></td>
<td>- Data Holders MUST continually poll the ADR using EITHER one of the specified <a href="#backoff-patterns">backoff patterns</a> until recovery or the pattern retry period has been exceeded<br>- Upon recovery, the authorisation withdrawal process will need to be executed recognising the expectation in the rules that withdrawal of authorisation by a consumer will be communicated by a DH to an ADR</td>
</tr>
</tbody></table>
<h2 id='data-holder-unavailable'>Data Holder Unavailable</h2>
<table><thead>
<tr>
<th></th>
<th></th>
</tr>
</thead><tbody>
<tr>
<td><strong>Result</strong></td>
<td>Accredited Data Recipients will not be able to communicate with Data Holders</td>
</tr>
<tr>
<td><strong>Impact</strong></td>
<td>Accredited Data Recipients will not be able to inform the Data Holder of change in consent</td>
</tr>
<tr>
<td><strong>Impact</strong></td>
<td>Accredited Data Recipients will not be able to retrieve Product &amp; Consumer data</td>
</tr>
<tr>
<td><strong>Expectation</strong></td>
<td>- Accredited Data Recipients will need to continually poll the Data Holder until recovery </br>- Data Recipients will be able to check the <a href="https://consumerdatastandardsaustralia.github.io/standards/#get-outages">GetOutages</a> endpoint to determine when the Data Holder will become available<br>- Upon recovery, the consent withdrawal process will need to be executed as required</td>
</tr>
</tbody></table>

<table><thead>
<tr>
<th></th>
<th></th>
</tr>
</thead><tbody>
<tr>
<td><strong>Result</strong></td>
<td>The CDR Register will not be able to communicate with the Data Holder</td>
</tr>
<tr>
<td><strong>Impact</strong></td>
<td>The CDR Register will not be able to retrieve metrics information</td>
</tr>
<tr>
<td><strong>Expectation</strong></td>
<td>The CDR Register will back-fill metrics once the Data Holder becomes available</td>
</tr>
</tbody></table>
<h2 id='backoff-patterns'>Backoff Patterns</h2>
<p>When endpoints are unavailable, as described in the above sections, there is a requirement that participants will poll the target endpoints until they become available.
Participants will be expected to implement robust solutions which cater for temporary outages.</p>

<p>The expectation is that either a long-term or a short-term pattern will be to be used to meet these polling requirements</p>
<h3 id='long-term-exponential-backoff-over-7-days'>Long-term: Exponential Backoff over 7 days</h3>
<p>The provided exponential backoff pseudocode can be used to poll unavailable endpoints for retry periods in the order of hours and days.</p>

<blockquote>
<p>Exponential Backoff Pseudocode</p>
</blockquote>
<pre class="highlight plaintext"><code>Call the Target EndPoint
MAX_WAIT_TIME=3600000 (1 hr)
waitTime = 0
DO
   waitTime=   (2^retries * 100) milliseconds
   wait for waitTime
    status = Get Status of API call
    IF status = SUCCESS
        retry = false   
    ELSE
        Unable to get a response or not a valid response
        retry = true
    END IF

WHILE (retry AND (waitTime &lt; MAX_WAIT_TIME))

Continue calls every MAX_WAIT_TIME for the remaining period(s)

</code></pre>
<p>The provided pseudocode will result in the following retry times</p>

<table><thead>
<tr>
<th>Retry Attempt</th>
<th>Wait Time (in milliseconds)</th>
</tr>
</thead><tbody>
<tr>
<td>1</td>
<td>200</td>
</tr>
<tr>
<td>2</td>
<td>400</td>
</tr>
<tr>
<td>3</td>
<td>800</td>
</tr>
<tr>
<td>4</td>
<td>1600</td>
</tr>
<tr>
<td>5</td>
<td>3200</td>
</tr>
<tr>
<td>6</td>
<td>6400</td>
</tr>
<tr>
<td>7</td>
<td>12800</td>
</tr>
<tr>
<td>8</td>
<td>25600</td>
</tr>
<tr>
<td>9</td>
<td>51200</td>
</tr>
<tr>
<td>10</td>
<td>102400</td>
</tr>
<tr>
<td>11</td>
<td>204800</td>
</tr>
<tr>
<td>12</td>
<td>409600</td>
</tr>
<tr>
<td>13</td>
<td>819200</td>
</tr>
<tr>
<td>14</td>
<td>1638400</td>
</tr>
<tr>
<td>15</td>
<td>3276800</td>
</tr>
<tr>
<td>16</td>
<td>3600000</td>
</tr>
<tr>
<td>remaining period(s)</td>
<td>3600000</td>
</tr>
</tbody></table>
<h3 id='short-term-fixed-periodic-retry-over-10-minutes'>Short-term: Fixed periodic retry over 10 minutes</h3>
<p>For short-term retries, implementers may choose polling a given endpoint once per minute until recovery, or retry period has been exceeded</p>
<h1 id='versioning'>Versioning</h1>
<p>ACCC will follow the versioning conventions outlined by the Data Standards Body. <br>
Refer <a href="https://consumerdatastandardsaustralia.github.io/standards/#versioning">https://consumerdatastandardsaustralia.github.io/standards/#versioning</a></p>

<p>Transition and deprecation strategies will be developed in consultation with the Data Standards Body and industry.</p>
<h1 id="consumer-data-right-cdr-register-apis">Register APIs</h1>

<table><thead>
<tr>
<th>API</th>
<th>Caller</th>
<th>Description</th>
<th>mTLS</th>
<th>TLS</th>
<th>Bearer Token</th>
</tr>
</thead><tbody>
<tr>
<td>GetOpenIdProviderConfig</td>
<td>Data Recipient Brand or Software Product</td>
<td>Discovery of CDR Register OpenID Configuration</td>
<td></td>
<td><i class="icon-check"></i></td>
<td></td>
</tr>
<tr>
<td>GetJWKS</td>
<td>Data Holder</td>
<td>Validate SSA and CDR Register authentication JWT signatures</td>
<td></td>
<td><i class="icon-check"></i></td>
<td></td>
</tr>
<tr>
<td>GetDataHolderBrands</td>
<td>Data Recipient Brand or Software Product</td>
<td>Discovery of DH Brands and their associated endpoints</td>
<td><i class="icon-check"></i></td>
<td></td>
<td><i class="icon-check"></i></td>
</tr>
<tr>
<td>GetSoftwareStatementAssertion</td>
<td>Data Recipient Brand or Software Product</td>
<td>Get SSA for a Software Product to be used in <a href="#dynamic-client-registration">Dynamic Client Registration</a></td>
<td><i class="icon-check"></i></td>
<td></td>
<td><i class="icon-check"></i></td>
</tr>
<tr>
<td>GetSoftwareProductsStatus</td>
<td>Data Holder Brand</td>
<td>Software Product Statuses to check validity of ADR <a href="#accredited-data-recipient-and-software-product-statuses">requests</a></td>
<td></td>
<td><i class="icon-check"></i></td>
<td></td>
</tr>
<tr>
<td>GetDataRecipientsStatus</td>
<td>Data Holder Brand</td>
<td>Data Recipient Statuses to check validity of ADR <a href="#accredited-data-recipient-and-software-product-statuses">requests</a></td>
<td></td>
<td><i class="icon-check"></i></td>
<td></td>
</tr>
<tr>
<td>GetDataRecipients</td>
<td>Data Holder Brand</td>
<td>Data Recipient, brand and product details to render Data Holder Consumer Dashboard</td>
<td></td>
<td><i class="icon-check"></i></td>
<td></td>
</tr>
</tbody></table>
<h3 id='base-urls'>Base URLs:</h3>
<table><thead>
<tr>
<th></th>
<th></th>
</tr>
</thead><tbody>
<tr>
<td><strong>Production TLS</strong></td>
<td>https://api.cdr.gov.au</td>
</tr>
<tr>
<td><strong>Production mTLS</strong></td>
<td>https://secure.api.cdr.gov.au</td>
</tr>
</tbody></table>
<h2 id='getopenidproviderconfig'>GetOpenIdProviderConfig</h2>
<p><a id="opIdGetOpenIdProviderConfig"></a></p>

<blockquote>
<p>Code samples</p>
</blockquote>
<pre class="highlight plaintext"><code>GET https://&lt;register-base-url&gt;/idp/.well-known/openid-configuration HTTP/1.1
Host: &lt;register-base-url&gt;
Accept: application/json

</code></pre>
<p><code>GET /.well-known/openid-configuration</code></p>

<p>Endpoint used by participants to discover the CDR Register OpenID configuration and obtain information needed to interact with it, including its OAuth 2.0 endpoint locations.</p>

<blockquote>
<p>Example responses</p>

<p>200 Response</p>
</blockquote>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"issuer"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"jwks_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"token_endpoint"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"claims_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"id_token_signing_alg_values_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"subject_types_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"code_challenge_methods_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"scopes_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"response_types_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"grant_types_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"token_endpoint_auth_methods_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"tls_client_certificate_bound_access_tokens"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w">
  </span><span class="s2">"request_object_signing_alg_values_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre>
<h3 id="getopenidproviderconfig-responses">Responses</h3>

<table><thead>
<tr>
<th>Status</th>
<th>Meaning</th>
<th>Description</th>
<th>Schema</th>
</tr>
</thead><tbody>
<tr>
<td>200</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.3.1">OK</a></td>
<td>The OpenID Provider Configuration Metadata values</td>
<td><a href="#schemaresponseopenidproviderconfigmetadata">ResponseOpenIDProviderConfigMetadata</a></td>
</tr>
</tbody></table>

<aside class="success">
This operation does not require authentication
</aside>
<h2 id='getjwks'>GetJWKS</h2>
<p><a id="opIdGetJWKS"></a></p>

<blockquote>
<p>Code samples</p>
</blockquote>
<pre class="highlight plaintext"><code>GET https://&lt;register-base-url&gt;/cdr-register/v1/jwks HTTP/1.1
Host: &lt;register-base-url&gt;
Accept: application/json

</code></pre>
<p><code>GET /jwks</code></p>

<p>JWKS endpoint containing the public keys used by the CDR Register to validate the signature of issued SSAs and authenticate outbound calls to participants in the CDR</p>

<blockquote>
<p>Example responses</p>

<p>200 Response</p>
</blockquote>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"keys"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="s2">"alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"e"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"key_ops"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
        </span><span class="s2">"string"</span><span class="w">
      </span><span class="p">],</span><span class="w">
      </span><span class="s2">"kid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"kty"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"n"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre>
<h3 id="getjwks-responses">Responses</h3>

<table><thead>
<tr>
<th>Status</th>
<th>Meaning</th>
<th>Description</th>
<th>Schema</th>
</tr>
</thead><tbody>
<tr>
<td>200</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.3.1">OK</a></td>
<td>A JSON object that represents a set of JWKs</td>
<td><a href="#schemaresponsejwks">ResponseJWKS</a></td>
</tr>
</tbody></table>

<aside class="success">
This operation does not require authentication
</aside>
<h2 id='getdataholderbrands'>GetDataHolderBrands</h2>
<p><a id="opIdGetDataHolderBrands"></a></p>

<blockquote>
<p>Code samples</p>
</blockquote>
<pre class="highlight plaintext"><code>GET https://&lt;register-base-url&gt;/cdr-register/v1/{industry}/data-holders/brands HTTP/1.1
Host: &lt;register-base-url&gt;
Accept: application/json
Authorization: Bearer &lt;access-token&gt;
x-v: string

</code></pre>
<p><code>GET /{industry}/data-holders/brands</code></p>

<p>Allows Data Recipients to discover data holder brands available in the CDR ecosystem</p>

<h3>Endpoint Version</h3>

<table><thead>
<tr>
<th></th>
<th></th>
</tr>
</thead><tbody>
<tr>
<td>Version</td>
<td><strong>1</strong></td>
</tr>
</tbody></table>

<h3 id="getdataholderbrands-parameters">Parameters</h3>

<table><thead>
<tr>
<th>Name</th>
<th>In</th>
<th>Type</th>
<th>Required</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>industry</td>
<td>path</td>
<td>string</td>
<td>true</td>
<td>The industry the participant is retrieving data for (Banking, etc)</td>
</tr>
<tr>
<td>updated-since</td>
<td>query</td>
<td>string(date-time)</td>
<td>false</td>
<td>query filter returns data holder brands updated since the specified date-time</td>
</tr>
<tr>
<td>page</td>
<td>query</td>
<td>integer(int32)</td>
<td>false</td>
<td>the page number to return</td>
</tr>
<tr>
<td>page-size</td>
<td>query</td>
<td>integer(int32)</td>
<td>false</td>
<td>the number of records to return per page</td>
</tr>
<tr>
<td>Authorization</td>
<td>header</td>
<td>string</td>
<td>true</td>
<td>An Authorisation Token as per <a href="https://tools.ietf.org/html/rfc6750">RFC6750</a></td>
</tr>
<tr>
<td>x-v</td>
<td>header</td>
<td>string</td>
<td>false</td>
<td>The <a href="https://consumerdatastandardsaustralia.github.io/standards/#response-headers">version</a> of the API end point requested by the client. Must be set to a positive integer.</td>
</tr>
</tbody></table>
<h4 id='enumerated-values'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Parameter</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>industry</td>
<td>banking</td>
</tr>
</tbody></table>

<blockquote>
<p>Example responses</p>

<p>200 Response</p>
</blockquote>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"data"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="s2">"dataHolderBrandId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"brandName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"industry"</span><span class="p">:</span><span class="w"> </span><span class="s2">"banking"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"legalEntity"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
        </span><span class="s2">"legalEntityId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"legalEntityName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"registrationNumber"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"registrationDate"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2019-10-24"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"registeredCountry"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"abn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"acn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"arbn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"industryCode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"organisationType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SOLE_TRADER"</span><span class="w">
      </span><span class="p">},</span><span class="w">
      </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"endpointDetail"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
        </span><span class="s2">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"publicBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"resourceBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"infosecBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"extensionBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"websiteUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
      </span><span class="p">},</span><span class="w">
      </span><span class="s2">"authDetails"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
        </span><span class="p">{</span><span class="w">
          </span><span class="s2">"registerUType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SIGNED-JWT"</span><span class="p">,</span><span class="w">
          </span><span class="s2">"jwksEndpoint"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
        </span><span class="p">}</span><span class="w">
      </span><span class="p">],</span><span class="w">
      </span><span class="s2">"lastUpdated"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2019-10-24T03:51:44Z"</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"links"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
    </span><span class="s2">"first"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"last"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"prev"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"self"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">},</span><span class="w">
  </span><span class="s2">"meta"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
    </span><span class="s2">"totalPages"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w">
    </span><span class="s2">"totalRecords"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="w">
  </span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre>
<h3 id="getdataholderbrands-responses">Responses</h3>

<table><thead>
<tr>
<th>Status</th>
<th>Meaning</th>
<th>Description</th>
<th>Schema</th>
</tr>
</thead><tbody>
<tr>
<td>200</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.3.1">OK</a></td>
<td>Success</td>
<td><a href="#schemaresponseregisterdataholderbrandlist">ResponseRegisterDataHolderBrandList</a></td>
</tr>
<tr>
<td>400</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.1">Bad Request</a></td>
<td>Bad Request</br>Invalid industry path parameter</td>
<td><a href="#schemaresponseerrorlist">ResponseErrorList</a></td>
</tr>
<tr>
<td>401</td>
<td><a href="https://tools.ietf.org/html/rfc7235#section-3.1">Unauthorized</a></td>
<td>Invalid Bearer Token</td>
<td>None</td>
</tr>
<tr>
<td>406</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.6">Not Acceptable</a></td>
<td>Invalid x-v header</br>Invalid Accept header</td>
<td>None</td>
</tr>
</tbody></table>
<h3 id='response-headers'>Response Headers</h3>
<table><thead>
<tr>
<th>Status</th>
<th>Header</th>
<th>Type</th>
<th>Format</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>200</td>
<td>x-v</td>
<td>string</td>
<td></td>
<td>The <a href="https://consumerdatastandardsaustralia.github.io/standards/#response-headers">version</a> of the API end point that the CDR Register has responded with.</td>
</tr>
</tbody></table>

<aside class="notice">
To perform this operation, you must be authenticated and authorised with the following scope: <span class="bold">cdr-register:bank:read</span>
</aside>
<h2 id='getsoftwarestatementassertion-ssa'>GetSoftwareStatementAssertion (SSA)</h2>
<p><a id="opIdGetSoftwareStatementAssertion"></a></p>

<blockquote>
<p>Code samples</p>
</blockquote>
<pre class="highlight plaintext"><code>GET https://&lt;register-base-url&gt;/cdr-register/v1/{industry}/data-recipients/brands/{dataRecipientBrandId}/software-products/{softwareProductId}/ssa HTTP/1.1
Host: &lt;register-base-url&gt;
Accept: application/json
Authorization: Bearer &lt;access-token&gt;
x-v: string

</code></pre>
<p><code>GET /{industry}/data-recipients/brands/{dataRecipientBrandId}/software-products/{softwareProductId}/ssa</code></p>

<h3>Endpoint Version</h3>

<table><thead>
<tr>
<th></th>
<th></th>
</tr>
</thead><tbody>
<tr>
<td>Version</td>
<td><strong>2</strong></td>
</tr>
</tbody></table>

<p>Get a Software Statement Assertion (SSA) for a software product on the CDR Register to be used for Dynamic Client Registration with a Data Holder Brand</p>

<h3 id="getsoftwarestatementassertion-(ssa)-parameters">Parameters</h3>

<table><thead>
<tr>
<th>Name</th>
<th>In</th>
<th>Type</th>
<th>Required</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>industry</td>
<td>path</td>
<td>string</td>
<td>true</td>
<td>The industry the participant is retrieving data for (Banking, etc)</td>
</tr>
<tr>
<td>dataRecipientBrandId</td>
<td>path</td>
<td>string</td>
<td>true</td>
<td>Unique id for the Accredited Data Recipient Brand that the Software Product is associated with in the CDR Register. Refer to <a href="https://cdr-register.github.io/register/#identifiers">Identifiers</a> for details</td>
</tr>
<tr>
<td>softwareProductId</td>
<td>path</td>
<td>string</td>
<td>true</td>
<td>Unique id for the Accredited Data Recipient Software Product in the CDR Register. Refer to <a href="https://cdr-register.github.io/register/#identifiers">Identifiers</a> for details</td>
</tr>
<tr>
<td>Authorization</td>
<td>header</td>
<td>string</td>
<td>true</td>
<td>An Authorisation Token as per <a href="https://tools.ietf.org/html/rfc6750">RFC6750</a></td>
</tr>
<tr>
<td>x-v</td>
<td>header</td>
<td>string</td>
<td>false</td>
<td>The <a href="https://consumerdatastandardsaustralia.github.io/standards/#response-headers">version</a> of the API end point requested by the client. Must be set to a positive integer.</td>
</tr>
</tbody></table>
<h4 id='enumerated-values-2'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Parameter</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>industry</td>
<td>banking</td>
</tr>
</tbody></table>

<blockquote>
<p>Example responses</p>

<p>200 Response</p>
</blockquote>
<pre class="highlight json tab-json"><code><span class="s2">"string"</span><span class="w">
</span></code></pre>
<h3 id="getsoftwarestatementassertion-(ssa)-responses">Responses</h3>

<table><thead>
<tr>
<th>Status</th>
<th>Meaning</th>
<th>Description</th>
<th>Schema</th>
</tr>
</thead><tbody>
<tr>
<td>200</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.3.1">OK</a></td>
<td>Success</td>
<td>string</td>
</tr>
<tr>
<td>400</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.1">Bad Request</a></td>
<td>Invalid industry path parameter</br>Invalid SoftwareProductId</td>
<td><a href="#schemaresponseerrorlist">ResponseErrorList</a></td>
</tr>
<tr>
<td>401</td>
<td><a href="https://tools.ietf.org/html/rfc7235#section-3.1">Unauthorized</a></td>
<td>Invalid Bearer Token</td>
<td>None</td>
</tr>
<tr>
<td>403</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.3">Forbidden</a></td>
<td>Invalid BrandId</td>
<td><a href="#schemaresponseerrorlist">ResponseErrorList</a></td>
</tr>
<tr>
<td>406</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.6">Not Acceptable</a></td>
<td>Invalid x-v header</br>Invalid Accept header</td>
<td>None</td>
</tr>
<tr>
<td>422</td>
<td><a href="https://tools.ietf.org/html/rfc2518#section-10.3">Unprocessable Entity</a></td>
<td>SSA fields invalid or incomplete</td>
<td><a href="#schemaresponseerrorlist">ResponseErrorList</a></td>
</tr>
</tbody></table>
<h3 id='response-headers-2'>Response Headers</h3>
<table><thead>
<tr>
<th>Status</th>
<th>Header</th>
<th>Type</th>
<th>Format</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>200</td>
<td>x-v</td>
<td>string</td>
<td></td>
<td>The <a href="https://consumerdatastandardsaustralia.github.io/standards/#response-headers">version</a> of the API end point that the CDR Register has responded with.</td>
</tr>
</tbody></table>

<aside class="success">
This operation does not require authentication
</aside>
<h2 id='getsoftwareproductsstatus'>GetSoftwareProductsStatus</h2>
<p><a id="opIdGetSoftwareProductsStatus"></a></p>

<blockquote>
<p>Code samples</p>
</blockquote>
<pre class="highlight plaintext"><code>GET https://&lt;register-base-url&gt;/cdr-register/v1/{industry}/data-recipients/brands/software-products/status HTTP/1.1
Host: &lt;register-base-url&gt;
Accept: application/json
x-v: string

</code></pre>
<p><code>GET /{industry}/data-recipients/brands/software-products/status</code></p>

<p>Endpoint used by participants to discover the statuses for software products from the CDR Register</p>

<h3>Endpoint Version</h3>

<table><thead>
<tr>
<th></th>
<th></th>
</tr>
</thead><tbody>
<tr>
<td>Version</td>
<td><strong>1</strong></td>
</tr>
</tbody></table>

<h3 id="getsoftwareproductsstatus-parameters">Parameters</h3>

<table><thead>
<tr>
<th>Name</th>
<th>In</th>
<th>Type</th>
<th>Required</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>industry</td>
<td>path</td>
<td>string</td>
<td>true</td>
<td>The industry the participant is retrieving data for (Banking, etc)</td>
</tr>
<tr>
<td>x-v</td>
<td>header</td>
<td>string</td>
<td>false</td>
<td>The <a href="https://consumerdatastandardsaustralia.github.io/standards/#response-headers">version</a> of the API end point requested by the client. Must be set to a positive integer.</td>
</tr>
</tbody></table>
<h4 id='enumerated-values-3'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Parameter</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>industry</td>
<td>banking</td>
</tr>
</tbody></table>

<blockquote>
<p>Example responses</p>

<p>200 Response</p>
</blockquote>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"softwareProducts"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="s2">"softwareProductId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"softwareProductStatus"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre>
<h3 id="getsoftwareproductsstatus-responses">Responses</h3>

<table><thead>
<tr>
<th>Status</th>
<th>Meaning</th>
<th>Description</th>
<th>Schema</th>
</tr>
</thead><tbody>
<tr>
<td>200</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.3.1">OK</a></td>
<td>Success</td>
<td><a href="#schemasoftwareproductsstatuslist">SoftwareProductsStatusList</a></td>
</tr>
<tr>
<td>400</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.1">Bad Request</a></td>
<td>Bad Request</br>Invalid industry path parameter</td>
<td><a href="#schemaresponseerrorlist">ResponseErrorList</a></td>
</tr>
<tr>
<td>406</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.6">Not Acceptable</a></td>
<td>Invalid x-v header</br>Invalid Accept header</td>
<td>None</td>
</tr>
</tbody></table>
<h3 id='response-headers-3'>Response Headers</h3>
<table><thead>
<tr>
<th>Status</th>
<th>Header</th>
<th>Type</th>
<th>Format</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>200</td>
<td>x-v</td>
<td>string</td>
<td></td>
<td>The <a href="https://consumerdatastandardsaustralia.github.io/standards/#response-headers">version</a> of the API end point that the CDR Register has responded with.</td>
</tr>
</tbody></table>

<aside class="success">
This operation does not require authentication
</aside>
<h2 id='getdatarecipientsstatus'>GetDataRecipientsStatus</h2>
<p><a id="opIdGetDataRecipientsStatus"></a></p>

<blockquote>
<p>Code samples</p>
</blockquote>
<pre class="highlight plaintext"><code>GET https://&lt;register-base-url&gt;/cdr-register/v1/{industry}/data-recipients/status HTTP/1.1
Host: &lt;register-base-url&gt;
Accept: application/json
x-v: string

</code></pre>
<p><code>GET /{industry}/data-recipients/status</code></p>

<p>Endpoint used by participants to discover the statuses for Data Recipients from the CDR Register</p>

<h3>Endpoint Version</h3>

<table><thead>
<tr>
<th></th>
<th></th>
</tr>
</thead><tbody>
<tr>
<td>Version</td>
<td><strong>1</strong></td>
</tr>
</tbody></table>

<h3 id="getdatarecipientsstatus-parameters">Parameters</h3>

<table><thead>
<tr>
<th>Name</th>
<th>In</th>
<th>Type</th>
<th>Required</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>industry</td>
<td>path</td>
<td>string</td>
<td>true</td>
<td>The industry the participant is retrieving data for (Banking, etc)</td>
</tr>
<tr>
<td>x-v</td>
<td>header</td>
<td>string</td>
<td>false</td>
<td>The <a href="https://consumerdatastandardsaustralia.github.io/standards/#response-headers">version</a> of the API end point requested by the client. Must be set to a positive integer.</td>
</tr>
</tbody></table>
<h4 id='enumerated-values-4'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Parameter</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>industry</td>
<td>banking</td>
</tr>
</tbody></table>

<blockquote>
<p>Example responses</p>

<p>200 Response</p>
</blockquote>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"dataRecipients"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="s2">"dataRecipientId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"dataRecipientStatus"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre>
<h3 id="getdatarecipientsstatus-responses">Responses</h3>

<table><thead>
<tr>
<th>Status</th>
<th>Meaning</th>
<th>Description</th>
<th>Schema</th>
</tr>
</thead><tbody>
<tr>
<td>200</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.3.1">OK</a></td>
<td>Success</td>
<td><a href="#schemadatarecipientsstatuslist">DataRecipientsStatusList</a></td>
</tr>
<tr>
<td>400</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.1">Bad Request</a></td>
<td>Bad Request</br>Invalid industry path parameter</td>
<td><a href="#schemaresponseerrorlist">ResponseErrorList</a></td>
</tr>
<tr>
<td>406</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.6">Not Acceptable</a></td>
<td>Invalid x-v header</br>Invalid Accept header</td>
<td>None</td>
</tr>
</tbody></table>
<h3 id='response-headers-4'>Response Headers</h3>
<table><thead>
<tr>
<th>Status</th>
<th>Header</th>
<th>Type</th>
<th>Format</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>200</td>
<td>x-v</td>
<td>string</td>
<td></td>
<td>The <a href="https://consumerdatastandardsaustralia.github.io/standards/#response-headers">version</a> of the API end point that the CDR Register has responded with.</td>
</tr>
</tbody></table>

<aside class="success">
This operation does not require authentication
</aside>
<h2 id='getdatarecipients'>GetDataRecipients</h2>
<p><a id="opIdGetDataRecipients"></a></p>

<blockquote>
<p>Code samples</p>
</blockquote>
<pre class="highlight plaintext"><code>GET https://&lt;register-base-url&gt;/cdr-register/v1/{industry}/data-recipients HTTP/1.1
Host: &lt;register-base-url&gt;
Accept: application/json
x-v: string

</code></pre>
<p><code>GET /{industry}/data-recipients</code></p>

<p>Endpoint used by participants to discover data recipients and associated brands and software products, available in the CDR ecosystem</p>

<h3>Endpoint Version</h3>

<table><thead>
<tr>
<th></th>
<th></th>
</tr>
</thead><tbody>
<tr>
<td>Version</td>
<td><strong>2</strong></td>
</tr>
</tbody></table>

<h3 id="getdatarecipients-parameters">Parameters</h3>

<table><thead>
<tr>
<th>Name</th>
<th>In</th>
<th>Type</th>
<th>Required</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>industry</td>
<td>path</td>
<td>string</td>
<td>true</td>
<td>The industry the participant is retrieving data for (Banking, etc)</td>
</tr>
<tr>
<td>x-v</td>
<td>header</td>
<td>string</td>
<td>false</td>
<td>The <a href="https://consumerdatastandardsaustralia.github.io/standards/#response-headers">version</a> of the API end point requested by the client. Must be set to a positive integer.</td>
</tr>
</tbody></table>
<h4 id='enumerated-values-5'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Parameter</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>industry</td>
<td>banking</td>
</tr>
</tbody></table>

<blockquote>
<p>Example responses</p>

<p>200 Response</p>
</blockquote>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"data"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="s2">"legalEntityId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"legalEntityName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"accreditationNumber"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"industry"</span><span class="p">:</span><span class="w"> </span><span class="s2">"banking"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"dataRecipientBrands"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
        </span><span class="p">{</span><span class="w">
          </span><span class="s2">"dataRecipientBrandId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
          </span><span class="s2">"brandName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
          </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
          </span><span class="s2">"softwareProducts"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
            </span><span class="p">{</span><span class="w">
              </span><span class="s2">"softwareProductId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
              </span><span class="s2">"softwareProductName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
              </span><span class="s2">"softwareProductDescription"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
              </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
              </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
            </span><span class="p">}</span><span class="w">
          </span><span class="p">],</span><span class="w">
          </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
        </span><span class="p">}</span><span class="w">
      </span><span class="p">],</span><span class="w">
      </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"lastUpdated"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2019-10-24T03:51:44Z"</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre>
<h3 id="getdatarecipients-responses">Responses</h3>

<table><thead>
<tr>
<th>Status</th>
<th>Meaning</th>
<th>Description</th>
<th>Schema</th>
</tr>
</thead><tbody>
<tr>
<td>200</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.3.1">OK</a></td>
<td>Success</td>
<td><a href="#schemaresponseregisterdatarecipientlist">ResponseRegisterDataRecipientList</a></td>
</tr>
<tr>
<td>400</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.1">Bad Request</a></td>
<td>Bad Request</br>Invalid industry path parameter</td>
<td><a href="#schemaresponseerrorlist">ResponseErrorList</a></td>
</tr>
<tr>
<td>406</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.6">Not Acceptable</a></td>
<td>Invalid x-v header</br>Invalid Accept header</td>
<td>None</td>
</tr>
</tbody></table>
<h3 id='response-headers-5'>Response Headers</h3>
<table><thead>
<tr>
<th>Status</th>
<th>Header</th>
<th>Type</th>
<th>Format</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>200</td>
<td>x-v</td>
<td>string</td>
<td></td>
<td>The <a href="https://consumerdatastandardsaustralia.github.io/standards/#response-headers">version</a> of the API end point that the CDR Register has responded with.</td>
</tr>
</tbody></table>

<aside class="success">
This operation does not require authentication
</aside>
<h1 id='schemas'>Schemas</h1>
<h2 id="tocSresponseopenidproviderconfigmetadata">ResponseOpenIDProviderConfigMetadata</h2>

<p><a id="schemaresponseopenidproviderconfigmetadata"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"issuer"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"jwks_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"token_endpoint"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"claims_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"id_token_signing_alg_values_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"subject_types_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"code_challenge_methods_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"scopes_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"response_types_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"grant_types_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"token_endpoint_auth_methods_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"tls_client_certificate_bound_access_tokens"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w">
  </span><span class="s2">"request_object_signing_alg_values_supported"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre>
<p><em>Response containing the Open ID Provider Configuration Metadata</em></p>
<h3 id='properties'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>issuer</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>URL using the https scheme with no query or fragment component that the CDR Register asserts as its Issuer Identifier</td>
</tr>
<tr>
<td>jwks_uri</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>URL of the CDR Register&#39;s JSON Web Key Set [JWK] document. This contains the signing key(s) used to validate access tokens issued from the CDR Register. Note that this differs from the <a href="https://cdr-register.github.io/register/#getjwks">JWKS endpoint</a> used to validate SSAs and CDR Register client authentication</td>
</tr>
<tr>
<td>token_endpoint</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>URL of the CDR Register&#39;s OAuth 2.0 Token Endpoint</td>
</tr>
<tr>
<td>claims_supported</td>
<td>[string]</td>
<td>true</td>
<td>none</td>
<td>JSON array containing a list of the Claim Names of the Claims that the CDR Register supplies values for</td>
</tr>
<tr>
<td>id_token_signing_alg_values_supported</td>
<td>[string]</td>
<td>true</td>
<td>none</td>
<td>JSON array containing a list of the JWS signing algorithms (alg values) supported by the CDR Register for the ID Token to encode the Claims in a JWT. Given the CDR Register does not issue ID tokens, this field can be safely ignored</td>
</tr>
<tr>
<td>subject_types_supported</td>
<td>[string]</td>
<td>true</td>
<td>none</td>
<td>JSON array containing a list of the Subject Identifier types that the CDR Register supports. Given the CDR Register does not issue ID tokens, this field can be safely ignored</td>
</tr>
<tr>
<td>code_challenge_methods_supported</td>
<td>[string]</td>
<td>true</td>
<td>none</td>
<td>JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported by this authorization server. Given the CDR Register does not support PKCE, this field can be safely ignored</td>
</tr>
<tr>
<td>scopes_supported</td>
<td>[string]</td>
<td>true</td>
<td>none</td>
<td>JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that the CDR Register supports</td>
</tr>
<tr>
<td>response_types_supported</td>
<td>[string]</td>
<td>true</td>
<td>none</td>
<td>JSON array containing a list of the OAuth 2.0 response_type values that the CDR Registrer supports</td>
</tr>
<tr>
<td>grant_types_supported</td>
<td>[string]</td>
<td>true</td>
<td>none</td>
<td>JSON array containing a list of the OAuth 2.0 Grant Type values that the CDR Register supports</td>
</tr>
<tr>
<td>token_endpoint_auth_methods_supported</td>
<td>[string]</td>
<td>true</td>
<td>none</td>
<td>JSON array containing a list of Client Authentication methods supported by this Token Endpoint</td>
</tr>
<tr>
<td>tls_client_certificate_bound_access_tokens</td>
<td>boolean</td>
<td>true</td>
<td>none</td>
<td>Boolean value indicating server support for mutual TLS client certificate bound access tokens</td>
</tr>
<tr>
<td>request_object_signing_alg_values_supported</td>
<td>[string]</td>
<td>true</td>
<td>none</td>
<td>JSON array containing a list of the JWS signing algorithms (alg values) supported by the CDR Register for Request Objects.</td>
</tr>
</tbody></table>

<h2 id="tocSresponsejwks">ResponseJWKS</h2>

<p><a id="schemaresponsejwks"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"keys"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="s2">"alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"e"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"key_ops"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
        </span><span class="s2">"string"</span><span class="w">
      </span><span class="p">],</span><span class="w">
      </span><span class="s2">"kid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"kty"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"n"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre>
<p><em>Response containing the JSON Web Key Set</em></p>
<h3 id='properties-2'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>keys</td>
<td>[<a href="#schemajwk">JWK</a>]</td>
<td>true</td>
<td>none</td>
<td>The value of the &quot;keys&quot; parameter is an array of JWK values</td>
</tr>
</tbody></table>

<h2 id="tocSjwk">JWK</h2>

<p><a id="schemajwk"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"e"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"key_ops"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"kid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"kty"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"n"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre>
<p><em>Object representing a JSON Web Key</em></p>
<h3 id='properties-3'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>alg</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>The &quot;alg&quot; (algorithm) parameter identifies the algorithm intended for use with the key</td>
</tr>
<tr>
<td>e</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>The &quot;e&quot; RSA public exponent parameter</td>
</tr>
<tr>
<td>key_ops</td>
<td>[string]</td>
<td>true</td>
<td>none</td>
<td>The &quot;key_ops&quot; (key operations) parameter identifies the operation(s) for which the key is intended to be used</td>
</tr>
<tr>
<td>kid</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>The &quot;kid&quot; (key ID) parameter is partially used to match a specific key. Note the &quot;kid&quot; parameter is not guaranteed unique and additional parameters should be used to progressively to identify a key within a set</td>
</tr>
<tr>
<td>kty</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>The &quot;kty&quot; (key type) parameter identifies the cryptographic algorithm family used with the key</td>
</tr>
<tr>
<td>n</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>The &quot;n&quot; RSA public modulus parameter</td>
</tr>
</tbody></table>

<h2 id="tocSresponseregisterdataholderbrandlist">ResponseRegisterDataHolderBrandList</h2>

<p><a id="schemaresponseregisterdataholderbrandlist"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"data"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="s2">"dataHolderBrandId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"brandName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"industry"</span><span class="p">:</span><span class="w"> </span><span class="s2">"banking"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"legalEntity"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
        </span><span class="s2">"legalEntityId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"legalEntityName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"registrationNumber"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"registrationDate"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2019-10-24"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"registeredCountry"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"abn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"acn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"arbn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"industryCode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"organisationType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SOLE_TRADER"</span><span class="w">
      </span><span class="p">},</span><span class="w">
      </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"endpointDetail"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
        </span><span class="s2">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"publicBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"resourceBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"infosecBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"extensionBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
        </span><span class="s2">"websiteUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
      </span><span class="p">},</span><span class="w">
      </span><span class="s2">"authDetails"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
        </span><span class="p">{</span><span class="w">
          </span><span class="s2">"registerUType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SIGNED-JWT"</span><span class="p">,</span><span class="w">
          </span><span class="s2">"jwksEndpoint"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
        </span><span class="p">}</span><span class="w">
      </span><span class="p">],</span><span class="w">
      </span><span class="s2">"lastUpdated"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2019-10-24T03:51:44Z"</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"links"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
    </span><span class="s2">"first"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"last"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"prev"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"self"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">},</span><span class="w">
  </span><span class="s2">"meta"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
    </span><span class="s2">"totalPages"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w">
    </span><span class="s2">"totalRecords"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="w">
  </span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre>
<p><em>Response containing a list of CDR Register Data Holder Brand objects</em></p>
<h3 id='properties-4'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>data</td>
<td>[<a href="#schemaregisterdataholderbrand">RegisterDataHolderBrand</a>]</td>
<td>true</td>
<td>none</td>
<td>Response data for the query</td>
</tr>
<tr>
<td>links</td>
<td><a href="#schemalinkspaginated">LinksPaginated</a></td>
<td>true</td>
<td>none</td>
<td>none</td>
</tr>
<tr>
<td>meta</td>
<td><a href="#schemametapaginated">MetaPaginated</a></td>
<td>true</td>
<td>none</td>
<td>none</td>
</tr>
</tbody></table>

<h2 id="tocSregisterdataholderbrand">RegisterDataHolderBrand</h2>

<p><a id="schemaregisterdataholderbrand"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"dataHolderBrandId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"brandName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"industry"</span><span class="p">:</span><span class="w"> </span><span class="s2">"banking"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"legalEntity"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
    </span><span class="s2">"legalEntityId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"legalEntityName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"registrationNumber"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"registrationDate"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2019-10-24"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"registeredCountry"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"abn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"acn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"arbn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"industryCode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"organisationType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SOLE_TRADER"</span><span class="w">
  </span><span class="p">},</span><span class="w">
  </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"endpointDetail"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
    </span><span class="s2">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"publicBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"resourceBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"infosecBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"extensionBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"websiteUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
  </span><span class="p">},</span><span class="w">
  </span><span class="s2">"authDetails"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="s2">"registerUType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SIGNED-JWT"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"jwksEndpoint"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"lastUpdated"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2019-10-24T03:51:44Z"</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre><h3 id='properties-5'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>dataHolderBrandId</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Unique id of the Data Holder Brand issued by the CDR Register. Refer to <a href="https://cdr-register.github.io/register/#identifiers">Identifiers</a> for details</td>
</tr>
<tr>
<td>brandName</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>The name of Data Holder Brand</td>
</tr>
<tr>
<td>industry</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>The industry the Data Holder brand belongs to (Banking, etc)</td>
</tr>
<tr>
<td>logoUri</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Brand logo URI</td>
</tr>
<tr>
<td>legalEntity</td>
<td><a href="#schemalegalentitydetail">LegalEntityDetail</a></td>
<td>true</td>
<td>none</td>
<td>The data that is common to all organisations, regardless of the type (e.g. company, trust, partnership, government)</td>
</tr>
<tr>
<td>status</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>none</td>
</tr>
<tr>
<td>endpointDetail</td>
<td><a href="#schemaregisterdataholderbrandserviceendpoint">RegisterDataHolderBrandServiceEndpoint</a></td>
<td>true</td>
<td>none</td>
<td>Endpoints related to Data Holder Brand services</td>
</tr>
<tr>
<td>authDetails</td>
<td>[<a href="#schemaregisterdataholderauth">RegisterDataHolderAuth</a>]</td>
<td>true</td>
<td>none</td>
<td>[Provides details of authorisation endpoints for Data Holders]</td>
</tr>
<tr>
<td>lastUpdated</td>
<td>string(date-time)</td>
<td>true</td>
<td>none</td>
<td>The date/time that the Data Holder Brand data was last updated in the Register</td>
</tr>
</tbody></table>
<h4 id='enumerated-values-6'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Property</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>industry</td>
<td>banking</td>
</tr>
<tr>
<td>status</td>
<td>ACTIVE</td>
</tr>
<tr>
<td>status</td>
<td>INACTIVE</td>
</tr>
<tr>
<td>status</td>
<td>REMOVED</td>
</tr>
</tbody></table>

<h2 id="tocSsoftwareproductsstatuslist">SoftwareProductsStatusList</h2>

<p><a id="schemasoftwareproductsstatuslist"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"softwareProducts"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="s2">"softwareProductId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"softwareProductStatus"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre><h3 id='properties-6'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>softwareProducts</td>
<td>[<a href="#schemasoftwareproductstatus">SoftwareProductStatus</a>]</td>
<td>true</td>
<td>none</td>
<td>none</td>
</tr>
</tbody></table>

<h2 id="tocSsoftwareproductstatus">SoftwareProductStatus</h2>

<p><a id="schemasoftwareproductstatus"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"softwareProductId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"softwareProductStatus"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre><h3 id='properties-7'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>softwareProductId</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Unique id of the software product issued by the CDR Register.  Refer to <a href="https://cdr-register.github.io/register/#identifiers">Identifiers</a> for details</td>
</tr>
<tr>
<td>softwareProductStatus</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Software product status in the CDR Register</td>
</tr>
</tbody></table>
<h4 id='enumerated-values-7'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Property</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>softwareProductStatus</td>
<td>ACTIVE</td>
</tr>
<tr>
<td>softwareProductStatus</td>
<td>INACTIVE</td>
</tr>
<tr>
<td>softwareProductStatus</td>
<td>REMOVED</td>
</tr>
</tbody></table>

<h2 id="tocSdatarecipientsstatuslist">DataRecipientsStatusList</h2>

<p><a id="schemadatarecipientsstatuslist"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"dataRecipients"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="s2">"dataRecipientId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"dataRecipientStatus"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre><h3 id='properties-8'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>dataRecipients</td>
<td>[<a href="#schemadatarecipientstatus">DataRecipientStatus</a>]</td>
<td>true</td>
<td>none</td>
<td>none</td>
</tr>
</tbody></table>

<h2 id="tocSdatarecipientstatus">DataRecipientStatus</h2>

<p><a id="schemadatarecipientstatus"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"dataRecipientId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"dataRecipientStatus"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre><h3 id='properties-9'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>dataRecipientId</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Unique id of the Data Recipient issued by the CDR Register.  Refer to <a href="https://cdr-register.github.io/register/#identifiers">Identifiers</a> for details</td>
</tr>
<tr>
<td>dataRecipientStatus</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Data Recipient status in the CDR Register</td>
</tr>
</tbody></table>
<h4 id='enumerated-values-8'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Property</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>dataRecipientStatus</td>
<td>ACTIVE</td>
</tr>
<tr>
<td>dataRecipientStatus</td>
<td>SUSPENDED</td>
</tr>
<tr>
<td>dataRecipientStatus</td>
<td>REVOKED</td>
</tr>
<tr>
<td>dataRecipientStatus</td>
<td>SURRENDERED</td>
</tr>
</tbody></table>

<h2 id="tocSresponseregisterdatarecipientlist">ResponseRegisterDataRecipientList</h2>

<p><a id="schemaresponseregisterdatarecipientlist"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"data"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="s2">"legalEntityId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"legalEntityName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"accreditationNumber"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"industry"</span><span class="p">:</span><span class="w"> </span><span class="s2">"banking"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"dataRecipientBrands"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
        </span><span class="p">{</span><span class="w">
          </span><span class="s2">"dataRecipientBrandId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
          </span><span class="s2">"brandName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
          </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
          </span><span class="s2">"softwareProducts"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
            </span><span class="p">{</span><span class="w">
              </span><span class="s2">"softwareProductId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
              </span><span class="s2">"softwareProductName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
              </span><span class="s2">"softwareProductDescription"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
              </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
              </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
            </span><span class="p">}</span><span class="w">
          </span><span class="p">],</span><span class="w">
          </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
        </span><span class="p">}</span><span class="w">
      </span><span class="p">],</span><span class="w">
      </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"lastUpdated"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2019-10-24T03:51:44Z"</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre>
<p><em>Response containing a list of Data Recipients in the CDR Register</em></p>
<h3 id='properties-10'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>data</td>
<td>[<a href="#schemaregisterdatarecipient">RegisterDataRecipient</a>]</td>
<td>true</td>
<td>none</td>
<td>Response data for the query</td>
</tr>
</tbody></table>

<h2 id="tocSregisterdatarecipient">RegisterDataRecipient</h2>

<p><a id="schemaregisterdatarecipient"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"legalEntityId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"legalEntityName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"accreditationNumber"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"industry"</span><span class="p">:</span><span class="w"> </span><span class="s2">"banking"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"dataRecipientBrands"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="s2">"dataRecipientBrandId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"brandName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"softwareProducts"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
        </span><span class="p">{</span><span class="w">
          </span><span class="s2">"softwareProductId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
          </span><span class="s2">"softwareProductName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
          </span><span class="s2">"softwareProductDescription"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
          </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
          </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
        </span><span class="p">}</span><span class="w">
      </span><span class="p">],</span><span class="w">
      </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"lastUpdated"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2019-10-24T03:51:44Z"</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre><h3 id='properties-11'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>legalEntityId</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Unique id of the Data Recipient Legal Entity issued by the CDR Register.  Refer to <a href="https://cdr-register.github.io/register/#identifiers">Identifiers</a> for details</td>
</tr>
<tr>
<td>legalEntityName</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Legal name of the Data Recipient</td>
</tr>
<tr>
<td>accreditationNumber</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>CDR Register issued human readable unique number given to Data Recipients upon accreditation</td>
</tr>
<tr>
<td>industry</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>none</td>
</tr>
<tr>
<td>logoUri</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Legal Entity logo URI</td>
</tr>
<tr>
<td>dataRecipientBrands</td>
<td>[<a href="#schemadatarecipientbrandmetadata">DataRecipientBrandMetaData</a>]</td>
<td>false</td>
<td>none</td>
<td>[Metadata related to Data Recipient Brand]</td>
</tr>
<tr>
<td>status</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>none</td>
</tr>
<tr>
<td>lastUpdated</td>
<td>string(date-time)</td>
<td>true</td>
<td>none</td>
<td>The date/time that the Legal Entity was last updated in the CDR Register</td>
</tr>
</tbody></table>
<h4 id='enumerated-values-9'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Property</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>industry</td>
<td>banking</td>
</tr>
<tr>
<td>status</td>
<td>ACTIVE</td>
</tr>
<tr>
<td>status</td>
<td>SUSPENDED</td>
</tr>
<tr>
<td>status</td>
<td>REVOKED</td>
</tr>
<tr>
<td>status</td>
<td>SURRENDERED</td>
</tr>
</tbody></table>

<h2 id="tocSdatarecipientbrandmetadata">DataRecipientBrandMetaData</h2>

<p><a id="schemadatarecipientbrandmetadata"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"dataRecipientBrandId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"brandName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"softwareProducts"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="s2">"softwareProductId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"softwareProductName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"softwareProductDescription"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre>
<p><em>Metadata related to Data Recipient Brand</em></p>
<h3 id='properties-12'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>dataRecipientBrandId</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Unique id of the Data Recipient brand issued by the CDR Register.  Refer to <a href="https://cdr-register.github.io/register/#identifiers">Identifiers</a> for details</td>
</tr>
<tr>
<td>brandName</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Data Recipient Brand name</td>
</tr>
<tr>
<td>logoUri</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Data Recipient Brand logo URI</td>
</tr>
<tr>
<td>softwareProducts</td>
<td>[<a href="#schemasoftwareproductmetadata">SoftwareProductMetaData</a>]</td>
<td>false</td>
<td>none</td>
<td>[Data Recipient Brand Software Products]</td>
</tr>
<tr>
<td>status</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>none</td>
</tr>
</tbody></table>
<h4 id='enumerated-values-10'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Property</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>status</td>
<td>ACTIVE</td>
</tr>
<tr>
<td>status</td>
<td>INACTIVE</td>
</tr>
<tr>
<td>status</td>
<td>REMOVED</td>
</tr>
</tbody></table>

<h2 id="tocSsoftwareproductmetadata">SoftwareProductMetaData</h2>

<p><a id="schemasoftwareproductmetadata"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"softwareProductId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"softwareProductName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"softwareProductDescription"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre>
<p><em>Data Recipient Brand Software Products</em></p>
<h3 id='properties-13'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>softwareProductId</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Unique id of the Data Recipient software product issued by the CDR Register.  Refer to <a href="https://cdr-register.github.io/register/#identifiers">Identifiers</a> for details</td>
</tr>
<tr>
<td>softwareProductName</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Name of the software product</td>
</tr>
<tr>
<td>softwareProductDescription</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>Description of the software product</td>
</tr>
<tr>
<td>logoUri</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Software product logo URI</td>
</tr>
<tr>
<td>status</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>none</td>
</tr>
</tbody></table>
<h4 id='enumerated-values-11'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Property</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>status</td>
<td>ACTIVE</td>
</tr>
<tr>
<td>status</td>
<td>INACTIVE</td>
</tr>
<tr>
<td>status</td>
<td>REMOVED</td>
</tr>
</tbody></table>

<h2 id="tocSlegalentitydetail">LegalEntityDetail</h2>

<p><a id="schemalegalentitydetail"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"legalEntityId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"legalEntityName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"logoUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"registrationNumber"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"registrationDate"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2019-10-24"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"registeredCountry"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"abn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"acn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"arbn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"industryCode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"organisationType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SOLE_TRADER"</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre>
<p><em>The data that is common to all organisations, regardless of the type (e.g. company, trust, partnership, government)</em></p>
<h3 id='properties-14'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>legalEntityId</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Unique id of the organisation issued by the CDR Register.  Refer to <a href="https://cdr-register.github.io/register/#identifiers">Identifiers</a> for details</td>
</tr>
<tr>
<td>legalEntityName</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Unique legal name of the organisation</td>
</tr>
<tr>
<td>logoUri</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Legal Entity logo URI</td>
</tr>
<tr>
<td>registrationNumber</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>Unique registration number (if the company is registered outside Australia)</td>
</tr>
<tr>
<td>registrationDate</td>
<td>string(date)</td>
<td>false</td>
<td>none</td>
<td>Date of registration (if the company is registered outside Australia)</td>
</tr>
<tr>
<td>registeredCountry</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>Country of registeration (if the company is registered outside Australia)</td>
</tr>
<tr>
<td>abn</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>Australian Business Number for the organisation</td>
</tr>
<tr>
<td>acn</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>Australian Company Number for the organisation</td>
</tr>
<tr>
<td>arbn</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>Australian Registered Body Number.  ARBNs are issued to registrable Australian bodies and foreign companies</td>
</tr>
<tr>
<td>industryCode</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>Industry Code for the organisation. <a href="http://www.abs.gov.au/anzsic">ANZSIC (2006)</a></td>
</tr>
<tr>
<td>organisationType</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>Legal organisation type</td>
</tr>
</tbody></table>
<h4 id='enumerated-values-12'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Property</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>organisationType</td>
<td>SOLE_TRADER</td>
</tr>
<tr>
<td>organisationType</td>
<td>COMPANY</td>
</tr>
<tr>
<td>organisationType</td>
<td>PARTNERSHIP</td>
</tr>
<tr>
<td>organisationType</td>
<td>TRUST</td>
</tr>
<tr>
<td>organisationType</td>
<td>GOVERNMENT_ENTITY</td>
</tr>
<tr>
<td>organisationType</td>
<td>OTHER</td>
</tr>
</tbody></table>

<h2 id="tocSregisterdataholderbrandserviceendpoint">RegisterDataHolderBrandServiceEndpoint</h2>

<p><a id="schemaregisterdataholderbrandserviceendpoint"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"publicBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"resourceBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"infosecBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"extensionBaseUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"websiteUri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre>
<p><em>Endpoints related to Data Holder Brand services</em></p>
<h3 id='properties-15'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>version</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>The major version of the high level standards. This is not the version of the endpoint or the payload being requested but the version of the overall standards being applied. This version number will be &quot;v&quot; followed by the major version of the standards as a positive integer (e.g. v1, v12 or v76)</td>
</tr>
<tr>
<td>publicBaseUri</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Base URI for the Data Holder&#39;s Consumer Data Standard public endpoints</td>
</tr>
<tr>
<td>resourceBaseUri</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Base URI for the Data Holder&#39;s Consumer Data Standard resource endpoints</td>
</tr>
<tr>
<td>infosecBaseUri</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Base URI for the Data Holder&#39;s Consumer Data Standard information security endpoints</td>
</tr>
<tr>
<td>extensionBaseUri</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>Base URI for the Data Holder extension endpoints to the Consumer Data Standard (optional)</td>
</tr>
<tr>
<td>websiteUri</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Publicly available website or web resource URI</td>
</tr>
</tbody></table>

<h2 id="tocSregisterdataholderauth">RegisterDataHolderAuth</h2>

<p><a id="schemaregisterdataholderauth"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"registerUType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SIGNED-JWT"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"jwksEndpoint"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre>
<p><em>Provides details of authorisation endpoints for Data Holders</em></p>
<h3 id='properties-16'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>registerUType</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>The type of authentication and authorisation mechanism in use</td>
</tr>
<tr>
<td>jwksEndpoint</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>JWKS endpoint for private_key_jwt client authentication with Data Recipient</td>
</tr>
</tbody></table>
<h4 id='enumerated-values-13'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Property</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>registerUType</td>
<td>SIGNED-JWT</td>
</tr>
</tbody></table>

<h2 id="tocSlinkspaginated">LinksPaginated</h2>

<p><a id="schemalinkspaginated"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"first"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"last"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"prev"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"self"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre><h3 id='properties-17'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>first</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>URI to the first page of this set. Mandatory if this response is not the first page</td>
</tr>
<tr>
<td>last</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>URI to the last page of this set. Mandatory if this response is not the last page</td>
</tr>
<tr>
<td>next</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>URI to the next page of this set. Mandatory if this response is not the last page</td>
</tr>
<tr>
<td>prev</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>URI to the previous page of this set. Mandatory if this response is not the first page</td>
</tr>
<tr>
<td>self</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Fully qualified link to this API call</td>
</tr>
</tbody></table>

<h2 id="tocSmetapaginated">MetaPaginated</h2>

<p><a id="schemametapaginated"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"totalPages"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w">
  </span><span class="s2">"totalRecords"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre><h3 id='properties-18'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>totalPages</td>
<td>integer(int32)</td>
<td>true</td>
<td>none</td>
<td>The total number of pages in the full set</td>
</tr>
<tr>
<td>totalRecords</td>
<td>integer(int32)</td>
<td>true</td>
<td>none</td>
<td>The total number of records in the full set</td>
</tr>
</tbody></table>

<h2 id="tocSresponseerrorlist">ResponseErrorList</h2>

<p><a id="schemaresponseerrorlist"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"errors"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="s2">"code"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"detail"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
      </span><span class="s2">"meta"</span><span class="p">:</span><span class="w"> </span><span class="p">{}</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre><h3 id='properties-19'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>errors</td>
<td>[<a href="#schemaerror">Error</a>]</td>
<td>true</td>
<td>none</td>
<td>none</td>
</tr>
</tbody></table>

<h2 id="tocSerror">Error</h2>

<p><a id="schemaerror"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"code"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"detail"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"meta"</span><span class="p">:</span><span class="w"> </span><span class="p">{}</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre><h3 id='properties-20'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>code</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Error code</td>
</tr>
<tr>
<td>title</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Error title</td>
</tr>
<tr>
<td>detail</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Error detail</td>
</tr>
<tr>
<td>meta</td>
<td>object</td>
<td>false</td>
<td>none</td>
<td>Optional additional data for specific error types</td>
</tr>
</tbody></table>
<h1 id='dcr-api'>DCR API</h1>
<p>This specification defines the APIs for Data Holders exposing Dynamic Client Registration endpoints</p>

<p><br>
<table>
<tr><td><a href='./includes/swagger/swagger_dcr.json'>DCR Swagger (JSON)</a></td></tr>
<tr><td><a href='./includes/swagger/swagger_dcr.yaml'>DCR Swagger (YAML)</a></td></tr>
</table></p>
<h2 id='register-a-client-using-a-cdr-register-issued-software-statement-assertion'>Register a client using a CDR Register issued Software Statement Assertion</h2>
<blockquote>
<p>Code samples</p>
</blockquote>
<pre class="highlight plaintext"><code>HTTP/1.1 POST /register 
Content-Type: application/jwt
Accept: application/json
x-v: string

</code></pre>
<p><code>POST /register</code></p>

<blockquote>
<p>Body parameter</p>
</blockquote>
<pre class="highlight plaintext"><code>eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
</code></pre>
<h3 id="register-a-client-using-a-cdr-register-issued-software-statement-assertion-parameters">Parameters</h3>

<table><thead>
<tr>
<th>Name</th>
<th>In</th>
<th>Type</th>
<th>Required</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>registrationRequest</td>
<td>body</td>
<td>string(jwt)</td>
<td>true</td>
<td>The registration request JWT, as defined in <a href="https://cdr-register.github.io/register/#dynamic-client-registration">Dynamic Client Registration</a>, to be used to register with a Data Holder</td>
</tr>
</tbody></table>

<blockquote>
<p>Example responses</p>

<p>201 Response</p>
</blockquote>
<pre class="highlight plaintext"><code>HTTP/1.1 201 Created
Content-Type: application/json
</code></pre><pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"client_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"35a5a70b-5b8d-41f4-9cbd-96cfbc15c58a"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_id_issued_at"</span><span class="p">:</span><span class="w"> </span><span class="mi">1571808167</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Software"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A mock software product"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"legal_entity_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"344F0E809-BDBE-4F8E-BD30-5E6C3CB78D7B"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"legal_entity_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Company Pty Ltd."</span><span class="p">,</span><span class="w">
  </span><span class="s2">"org_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"3B0B0A7B-3E7B-4A2C-9497-E357A71D07C8"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"org_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Company Brand."</span><span class="p">,</span><span class="w">
  </span><span class="s2">"redirect_uris"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"https://www.mockcompany.com.au/redirects/redirect1"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"https://www.mockcompany.com.au/redirects/redirect2"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"sector_identifier_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/sector_identifier.json"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"logo_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/logos/logo1.png"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"tos_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/tos.html"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"policy_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/policy.html"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"jwks_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/jwks"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"revocation_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/revocation"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"recipient_base_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"token_endpoint_auth_method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"private_key_jwt"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"token_endpoint_auth_signing_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"grant_types"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"client_credentials"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"response_types"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"code id_token"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"application_type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"web"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_signed_response_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_encrypted_response_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"RSA-OAEP"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_encrypted_response_enc"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A256GCM"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"request_object_signing_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_statement"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"740C368F-ECF9-4D29-A2EA-0514A66B0CDE"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_roles"</span><span class="p">:</span><span class="w"> </span><span class="s2">"data-recipient-software-product"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"scope"</span><span class="p">:</span><span class="w"> </span><span class="s2">"openid profile bank:accounts.basic:read bank:accounts.detail:read bank:transactions:read bank:payees:read bank:regular_payments:read common:customer.basic:read common:customer.detail:read cdr:registration"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre>
<blockquote>
<p>400 Responses</p>
</blockquote>
<pre class="highlight plaintext"><code>HTTP/1.1 400 Bad Request
Content-Type: application/json
</code></pre><pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
 </span><span class="s2">"error"</span><span class="p">:</span><span class="w"> </span><span class="s2">"invalid_redirect_uri"</span><span class="p">,</span><span class="w">
 </span><span class="s2">"error_description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"One or more redirect_uri values are invalid"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre><pre class="highlight plaintext"><code>HTTP/1.1 400 Bad Request
Content-Type: application/json
</code></pre><pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
 </span><span class="s2">"error"</span><span class="p">:</span><span class="w"> </span><span class="s2">"invalid_software_statement"</span><span class="p">,</span><span class="w">
 </span><span class="s2">"error_description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Duplicate registrations for a given software_id are not invalid"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre>
<h3 id="register-a-client-using-a-cdr-register-issued-software-statement-assertion-responses">Responses</h3>

<table><thead>
<tr>
<th>Status</th>
<th>Meaning</th>
<th>Description</th>
<th>Schema</th>
</tr>
</thead><tbody>
<tr>
<td>201</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.3.2">Created</a></td>
<td>Client registration success</td>
<td><a href="#schemaregistrationproperties">RegistrationProperties</a></td>
</tr>
<tr>
<td>400</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.1">Bad Request</a></td>
<td>Request failed due to client error</td>
<td><a href="#schemaregistrationerror">RegistrationError</a></td>
</tr>
</tbody></table>

<aside class="success">
This operation does not require authentication
</aside>
<h2 id='get-a-client-registration-for-a-given-client-id'>Get a Client Registration for a given Client ID</h2>
<blockquote>
<p>Code samples</p>
</blockquote>
<pre class="highlight plaintext"><code>GET /register/{ClientId} HTTP/1.1
Accept: application/json
Authorization: Bearer &lt;access-token&gt;

</code></pre>
<p><code>GET /register/{ClientId}</code></p>

<h3 id="get-a-client-registration-for-a-given-client-id-parameters">Parameters</h3>

<table><thead>
<tr>
<th>Name</th>
<th>In</th>
<th>Type</th>
<th>Required</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>ClientId</td>
<td>path</td>
<td>string</td>
<td>true</td>
<td>The client ID issued by the target Data Holder</td>
</tr>
<tr>
<td>Authorization</td>
<td>header</td>
<td>string</td>
<td>true</td>
<td>An Authorisation Token as per <a href="https://tools.ietf.org/html/rfc6750">RFC6750</a></td>
</tr>
</tbody></table>

<blockquote>
<p>Example responses</p>

<p>200 Response</p>
</blockquote>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"client_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"35a5a70b-5b8d-41f4-9cbd-96cfbc15c58a"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_id_issued_at"</span><span class="p">:</span><span class="w"> </span><span class="mi">1571808167</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Software"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A mock software product"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"legal_entity_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"344F0E809-BDBE-4F8E-BD30-5E6C3CB78D7B"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"legal_entity_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Company Pty Ltd."</span><span class="p">,</span><span class="w">
  </span><span class="s2">"org_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"3B0B0A7B-3E7B-4A2C-9497-E357A71D07C8"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"org_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Company Brand."</span><span class="p">,</span><span class="w">
  </span><span class="s2">"redirect_uris"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"https://www.mockcompany.com.au/redirects/redirect1"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"https://www.mockcompany.com.au/redirects/redirect2"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"sector_identifier_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/sector_identifier.json"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"logo_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/logos/logo1.png"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"tos_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/tos.html"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"policy_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/policy.html"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"jwks_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/jwks"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"revocation_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/revocation"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"recipient_base_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"token_endpoint_auth_method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"private_key_jwt"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"token_endpoint_auth_signing_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"grant_types"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"client_credentials"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"response_types"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"code id_token"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"application_type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"web"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_signed_response_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_encrypted_response_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"RSA-OAEP"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_encrypted_response_enc"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A256GCM"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"request_object_signing_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_statement"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"740C368F-ECF9-4D29-A2EA-0514A66B0CDE"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_roles"</span><span class="p">:</span><span class="w"> </span><span class="s2">"data-recipient-software-product"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"scope"</span><span class="p">:</span><span class="w"> </span><span class="s2">"openid profile bank:accounts.basic:read bank:accounts.detail:read bank:transactions:read bank:payees:read bank:regular_payments:read common:customer.basic:read common:customer.detail:read cdr:registration"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre>
<blockquote>
<p>401 Response</p>
</blockquote>
<pre class="highlight plaintext"><code>HTTP/1.1 401 Unauthorized
WWW-Authenticate:   Bearer error="invalid_token", 
                    error_description="The access token expired"
</code></pre>
<h3 id="get-a-client-registration-for-a-given-client-id-responses">Responses</h3>

<table><thead>
<tr>
<th>Status</th>
<th>Meaning</th>
<th>Description</th>
<th>Schema</th>
</tr>
</thead><tbody>
<tr>
<td>200</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.3.1">OK</a></td>
<td>Client registration retrieval success</td>
<td><a href="#schemaregistrationproperties">RegistrationProperties</a></td>
</tr>
<tr>
<td>401</td>
<td><a href="https://tools.ietf.org/html/rfc7235#section-3.1">Unauthorized</a></td>
<td>Request failed due to unknown or invalid Client or invalid access token</td>
<td>None</td>
</tr>
<tr>
<td>403</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.3">Forbidden</a></td>
<td>The client does not have permission to read, update or delete the Client</td>
<td>None</td>
</tr>
</tbody></table>
<h3 id='response-headers'>Response Headers</h3>
<table><thead>
<tr>
<th>Status</th>
<th>Header</th>
<th>Type</th>
<th>Format</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>401</td>
<td>WWW-Authenticate</td>
<td>string</td>
<td></td>
<td>The Response Header Field as per <a href="https://tools.ietf.org/html/rfc6750">RFC6750</a></td>
</tr>
</tbody></table>

<aside class="notice">
To perform this operation, you must be authenticated and authorised with the following scope: <span class="bold">cdr:registration</span>
</aside>
<h2 id='update-a-client-registration-for-a-given-client-id'>Update a Client Registration for a given Client ID</h2>
<blockquote>
<p>Code samples</p>
</blockquote>
<pre class="highlight plaintext"><code>PUT /register/{ClientId} HTTP/1.1
Content-Type: application/jwt
Accept: application/json
Authorization: Bearer &lt;access-token&gt;

</code></pre>
<p><code>PUT /register/{ClientId}</code></p>

<blockquote>
<p>Body parameter</p>
</blockquote>
<pre class="highlight plaintext"><code>eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
</code></pre>
<h3 id="update-a-client-registration-for-a-given-client-id-parameters">Parameters</h3>

<table><thead>
<tr>
<th>Name</th>
<th>In</th>
<th>Type</th>
<th>Required</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>ClientId</td>
<td>path</td>
<td>string</td>
<td>true</td>
<td>The client ID issued by the target Data Holder</td>
</tr>
<tr>
<td>Authorization</td>
<td>header</td>
<td>string</td>
<td>true</td>
<td>An Authorisation Token as per <a href="https://tools.ietf.org/html/rfc6750">RFC6750</a></td>
</tr>
<tr>
<td>registrationRequest</td>
<td>body</td>
<td>string(jwt)</td>
<td>true</td>
<td>The registration request JWT, as defined in <a href="https://cdr-register.github.io/register/#dynamic-client-registration">Dynamic Client Registration</a>, to be used to register with a Data Holder.</td>
</tr>
</tbody></table>

<blockquote>
<p>Example responses</p>

<p>200 Response</p>
</blockquote>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"client_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"35a5a70b-5b8d-41f4-9cbd-96cfbc15c58a"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_id_issued_at"</span><span class="p">:</span><span class="w"> </span><span class="mi">1571808167</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Software"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A mock software product"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"legal_entity_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"344F0E809-BDBE-4F8E-BD30-5E6C3CB78D7B"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"legal_entity_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Company Pty Ltd."</span><span class="p">,</span><span class="w">
  </span><span class="s2">"org_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"3B0B0A7B-3E7B-4A2C-9497-E357A71D07C8"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"org_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Company Brand."</span><span class="p">,</span><span class="w">
  </span><span class="s2">"redirect_uris"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"https://www.mockcompany.com.au/redirects/redirect1"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"https://www.mockcompany.com.au/redirects/redirect2"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"sector_identifier_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/sector_identifier.json"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"logo_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/logos/logo1.png"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"tos_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/tos.html"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"policy_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/policy.html"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"jwks_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/jwks"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"revocation_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/revocation"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"recipient_base_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"token_endpoint_auth_method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"private_key_jwt"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"token_endpoint_auth_signing_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"grant_types"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"client_credentials"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"response_types"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"code id_token"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"application_type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"web"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_signed_response_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_encrypted_response_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"RSA-OAEP"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_encrypted_response_enc"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A256GCM"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"request_object_signing_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_statement"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"740C368F-ECF9-4D29-A2EA-0514A66B0CDE"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_roles"</span><span class="p">:</span><span class="w"> </span><span class="s2">"data-recipient-software-product"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"scope"</span><span class="p">:</span><span class="w"> </span><span class="s2">"openid profile bank:accounts.basic:read bank:accounts.detail:read bank:transactions:read bank:payees:read bank:regular_payments:read common:customer.basic:read common:customer.detail:read cdr:registration"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre>
<h3 id="update-a-client-registration-for-a-given-client-id-responses">Responses</h3>

<table><thead>
<tr>
<th>Status</th>
<th>Meaning</th>
<th>Description</th>
<th>Schema</th>
</tr>
</thead><tbody>
<tr>
<td>200</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.3.1">OK</a></td>
<td>Client registration update success</td>
<td><a href="#schemaregistrationproperties">RegistrationProperties</a></td>
</tr>
<tr>
<td>400</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.1">Bad Request</a></td>
<td>Request failed due to client error</td>
<td><a href="#schemaregistrationerror">RegistrationError</a></td>
</tr>
<tr>
<td>401</td>
<td><a href="https://tools.ietf.org/html/rfc7235#section-3.1">Unauthorized</a></td>
<td>Request failed due to unknown or invalid Client or invalid access token</td>
<td>None</td>
</tr>
<tr>
<td>403</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.3">Forbidden</a></td>
<td>The client does not have permission to read, update or delete the Client</td>
<td>None</td>
</tr>
</tbody></table>
<h3 id='response-headers-2'>Response Headers</h3>
<table><thead>
<tr>
<th>Status</th>
<th>Header</th>
<th>Type</th>
<th>Format</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>401</td>
<td>WWW-Authenticate</td>
<td>string</td>
<td></td>
<td>The Response Header Field as per <a href="https://tools.ietf.org/html/rfc6750">RFC6750</a></td>
</tr>
</tbody></table>

<aside class="notice">
To perform this operation, you must be authenticated and authorised with the following scope: <span class="bold">cdr:registration</span>
</aside>
<h2 id='delete-a-client-registration-for-a-given-client-id'>Delete a Client Registration for a given Client ID</h2>
<blockquote>
<p>Code samples</p>
</blockquote>
<pre class="highlight plaintext"><code>DELETE /register/{ClientId} HTTP/1.1
Authorization: Bearer &lt;access-token&gt;

</code></pre>
<p><code>DELETE /register/{ClientId}</code></p>

<h3 id="delete-a-client-registration-for-a-given-client-id-parameters">Parameters</h3>

<table><thead>
<tr>
<th>Name</th>
<th>In</th>
<th>Type</th>
<th>Required</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>ClientId</td>
<td>path</td>
<td>string</td>
<td>true</td>
<td>The client ID issued by the target Data Holder</td>
</tr>
<tr>
<td>Authorization</td>
<td>header</td>
<td>string</td>
<td>true</td>
<td>An Authorisation Token as per <a href="https://tools.ietf.org/html/rfc6750">RFC6750</a></td>
</tr>
</tbody></table>

<h3 id="delete-a-client-registration-for-a-given-client-id-responses">Responses</h3>

<table><thead>
<tr>
<th>Status</th>
<th>Meaning</th>
<th>Description</th>
<th>Schema</th>
</tr>
</thead><tbody>
<tr>
<td>204</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.3.5">No Content</a></td>
<td>Client deleted</td>
<td>None</td>
</tr>
<tr>
<td>401</td>
<td><a href="https://tools.ietf.org/html/rfc7235#section-3.1">Unauthorized</a></td>
<td>Request failed due to unknown or invalid Client or invalid access token</td>
<td>None</td>
</tr>
<tr>
<td>403</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.3">Forbidden</a></td>
<td>The client does not have permission to read, update or delete the Client</td>
<td>None</td>
</tr>
<tr>
<td>405</td>
<td><a href="https://tools.ietf.org/html/rfc7231#section-6.5.5">Method Not Allowed</a></td>
<td>Method Not Allowed. The requested method is unsupported</td>
<td>None</td>
</tr>
</tbody></table>
<h3 id='response-headers-3'>Response Headers</h3>
<table><thead>
<tr>
<th>Status</th>
<th>Header</th>
<th>Type</th>
<th>Format</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>401</td>
<td>WWW-Authenticate</td>
<td>string</td>
<td></td>
<td>The Response Header Field as per <a href="https://tools.ietf.org/html/rfc6750">RFC6750</a></td>
</tr>
</tbody></table>

<aside class="notice">
To perform this operation, you must be authenticated and authorised with the following scope: <span class="bold">cdr:registration</span>
</aside>
<h2 id='schemas'>Schemas</h2>
<h2 id="tocSregistrationproperties">RegistrationProperties</h2>

<p><a id="schemaregistrationproperties"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"client_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"35a5a70b-5b8d-41f4-9cbd-96cfbc15c58a"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_id_issued_at"</span><span class="p">:</span><span class="w"> </span><span class="mi">1571808167</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Software"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A mock software product"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"legal_entity_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"344F0E809-BDBE-4F8E-BD30-5E6C3CB78D7B"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"legal_entity_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Company Pty Ltd."</span><span class="p">,</span><span class="w">
  </span><span class="s2">"org_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"3B0B0A7B-3E7B-4A2C-9497-E357A71D07C8"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"org_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Company Brand."</span><span class="p">,</span><span class="w">
  </span><span class="s2">"redirect_uris"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"https://www.mockcompany.com.au/redirects/redirect1"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"https://www.mockcompany.com.au/redirects/redirect2"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"sector_identifier_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/sector_identifier.json"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"logo_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/logos/logo1.png"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"tos_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/tos.html"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"policy_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/policy.html"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"jwks_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/jwks"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"revocation_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/revocation"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"recipient_base_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"token_endpoint_auth_method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"private_key_jwt"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"token_endpoint_auth_signing_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"grant_types"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"client_credentials"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"response_types"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"code id_token"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"application_type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"web"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_signed_response_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_encrypted_response_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"RSA-OAEP"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_encrypted_response_enc"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A256GCM"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"request_object_signing_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_statement"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"740C368F-ECF9-4D29-A2EA-0514A66B0CDE"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_roles"</span><span class="p">:</span><span class="w"> </span><span class="s2">"data-recipient-software-product"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"scope"</span><span class="p">:</span><span class="w"> </span><span class="s2">"openid profile bank:accounts.basic:read bank:accounts.detail:read bank:transactions:read bank:payees:read bank:regular_payments:read common:customer.basic:read common:customer.detail:read cdr:registration"</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre><h3 id='properties'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>client_id</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Data Holder issued client identifier string</td>
</tr>
<tr>
<td>client_id_issued_at</td>
<td>integer(int32)</td>
<td>false</td>
<td>none</td>
<td>Time at which the client identifier was issued expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC</td>
</tr>
<tr>
<td>client_name</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Human-readable string name of the software product to be presented to the end-user during authorization</td>
</tr>
<tr>
<td>client_description</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Human-readable string name of the software product description to be presented to the end user during authorization</td>
</tr>
<tr>
<td>client_uri</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>URL string of a web page providing information about the client</td>
</tr>
<tr>
<td>legal_entity_id</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>A unique identifier string assigned by the CDR Register that identifies the Accredited Data Recipient Legal Entity</td>
</tr>
<tr>
<td>legal_entity_name</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>Human-readable string name of the Accredited Data Recipient Legal Entity</td>
</tr>
<tr>
<td>org_id</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>A unique identifier string assigned by the CDR Register that identifies the Accredited Data Recipient Brand</td>
</tr>
<tr>
<td>org_name</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Human-readable string name of the Accredited Data Recipient to be presented to the end user during authorization</td>
</tr>
<tr>
<td>redirect_uris</td>
<td>[string]</td>
<td>true</td>
<td>none</td>
<td>Array of redirection URI strings for use in redirect-based flows. If used, redirect_uris MUST match or be a subset of the redirect_uris as defined in the SSA</td>
</tr>
<tr>
<td>sector_identifier_uri</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>URL string referencing the client sector identifier URI, used as an optional input to the Pairwise Identifier</td>
</tr>
<tr>
<td>logo_uri</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>URL string that references a logo for the client. If present, the server SHOULD display this image to the end-user during approval</td>
</tr>
<tr>
<td>tos_uri</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>URL string that points to a human-readable terms of service document for the Software Product</td>
</tr>
<tr>
<td>policy_uri</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>URL string that points to a human-readable policy document for the Software Product</td>
</tr>
<tr>
<td>jwks_uri</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>URL string referencing the client JSON Web Key (JWK) Set [RFC7517] document, which contains the client public keys</td>
</tr>
<tr>
<td>revocation_uri</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>URI string that references the location of the Software Product consent revocation endpoint</td>
</tr>
<tr>
<td>recipient_base_uri</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>Base URI for the Consumer Data Standard Data Recipient endpoints. This should be the base to provide reference to all other <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">Data Recipient Endpoints</a></td>
</tr>
<tr>
<td>token_endpoint_auth_method</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>The requested authentication method for the token endpoint</td>
</tr>
<tr>
<td>token_endpoint_auth_signing_alg</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>The algorithm used for signing the JWT</td>
</tr>
<tr>
<td>grant_types</td>
<td>[string]</td>
<td>true</td>
<td>none</td>
<td>Array of OAuth 2.0 grant type strings that the client can use at the token endpoint</td>
</tr>
<tr>
<td>response_types</td>
<td>[string]</td>
<td>true</td>
<td>none</td>
<td>Array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.</td>
</tr>
<tr>
<td>application_type</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>Kind of the application. The only supported application type will be <code>web</code></td>
</tr>
<tr>
<td>id_token_signed_response_alg</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>Algorithm with which an id_token is to be signed</td>
</tr>
<tr>
<td>id_token_encrypted_response_alg</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>JWE <code>alg</code> algorithm with which an id_token is to be encrypted</td>
</tr>
<tr>
<td>id_token_encrypted_response_enc</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>JWE <code>enc</code> algorithm with which an id_token is to be encrypted</td>
</tr>
<tr>
<td>request_object_signing_alg</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Algorithm which the ADR expects to sign the request object if a request object will be part of the authorization request sent to the Data Holder</td>
</tr>
<tr>
<td>software_statement</td>
<td>string(JWT)</td>
<td>true</td>
<td>none</td>
<td>The Software Statement Assertion, as defined in <a href="https://cdr-register.github.io/register/#dynamic-client-registration">Dynamic Client Registration</a></td>
</tr>
<tr>
<td>software_id</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>String representing a unique identifier assigned by the ACCC Register and used by registration endpoints to identify the software product to be dynamically registered. </br></br>The &quot;software_id&quot; will remain the same for the lifetime of the product, across multiple updates and versions</td>
</tr>
<tr>
<td>software_roles</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>String containing a role of the software in the CDR Regime. Initially the only value used with be <code>data-recipient-software-product</code></td>
</tr>
<tr>
<td>scope</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>String containing a space-separated list of scope values that the client can use when requesting access tokens.</td>
</tr>
</tbody></table>
<h4 id='enumerated-values'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Property</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>token_endpoint_auth_method</td>
<td>private_key_jwt</td>
</tr>
<tr>
<td>token_endpoint_auth_signing_alg</td>
<td>PS256</td>
</tr>
<tr>
<td>token_endpoint_auth_signing_alg</td>
<td>ES256</td>
</tr>
<tr>
<td>application_type</td>
<td>web</td>
</tr>
<tr>
<td>id_token_signed_response_alg</td>
<td>PS256</td>
</tr>
<tr>
<td>id_token_signed_response_alg</td>
<td>ES256</td>
</tr>
<tr>
<td>request_object_signing_alg</td>
<td>PS256</td>
</tr>
<tr>
<td>request_object_signing_alg</td>
<td>ES256</td>
</tr>
</tbody></table>

<h2 id="tocSclientregistration">ClientRegistration</h2>

<p><a id="schemaclientregistration"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"iss"</span><span class="p">:</span><span class="w"> </span><span class="s2">"CDR Software Product ID"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"iat"</span><span class="p">:</span><span class="w"> </span><span class="mi">1571808167</span><span class="p">,</span><span class="w">
  </span><span class="s2">"exp"</span><span class="p">:</span><span class="w"> </span><span class="mi">2147483646</span><span class="p">,</span><span class="w">
  </span><span class="s2">"jti"</span><span class="p">:</span><span class="w"> </span><span class="s2">"37747cd1c10545699f754adf28b73e31"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"aud"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://secure.api.dataholder.com/issuer"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"35a5a70b-5b8d-41f4-9cbd-96cfbc15c58a"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_id_issued_at"</span><span class="p">:</span><span class="w"> </span><span class="mi">1571808167</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Software"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A mock software product"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"client_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"legal_entity_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"344F0E809-BDBE-4F8E-BD30-5E6C3CB78D7B"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"legal_entity_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Company Pty Ltd."</span><span class="p">,</span><span class="w">
  </span><span class="s2">"org_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"3B0B0A7B-3E7B-4A2C-9497-E357A71D07C8"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"org_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mock Company Brand."</span><span class="p">,</span><span class="w">
  </span><span class="s2">"redirect_uris"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"https://www.mockcompany.com.au/redirects/redirect1"</span><span class="p">,</span><span class="w">
    </span><span class="s2">"https://www.mockcompany.com.au/redirects/redirect2"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"sector_identifier_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/sector_identifier.json"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"logo_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/logos/logo1.png"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"tos_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/tos.html"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"policy_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/policy.html"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"jwks_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/jwks"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"revocation_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au/revocation"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"recipient_base_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.mockcompany.com.au"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"token_endpoint_auth_method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"private_key_jwt"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"token_endpoint_auth_signing_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"grant_types"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"client_credentials"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"response_types"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"code id_token"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="s2">"application_type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"web"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_signed_response_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_encrypted_response_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"RSA-OAEP"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"id_token_encrypted_response_enc"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A256GCM"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"request_object_signing_alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PS256"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_statement"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"740C368F-ECF9-4D29-A2EA-0514A66B0CDE"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"software_roles"</span><span class="p">:</span><span class="w"> </span><span class="s2">"data-recipient-software-product"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"scope"</span><span class="p">:</span><span class="w"> </span><span class="s2">"openid profile bank:accounts.basic:read bank:accounts.detail:read bank:transactions:read bank:payees:read bank:regular_payments:read common:customer.basic:read common:customer.detail:read cdr:registration"</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre><h3 id='properties-2'>Properties</h3>
<p><em>allOf</em></p>

<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td><em>anonymous</em></td>
<td>object</td>
<td>false</td>
<td>none</td>
<td>none</td>
</tr>
<tr>
<td>» iss</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Contains the identifier for the ADR Software Product (SoftwareProductId) as defined in the CDR Register</td>
</tr>
<tr>
<td>» iat</td>
<td>integer(int32)</td>
<td>true</td>
<td>none</td>
<td>The time at which the request was issued by the Data Recipient  expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC</td>
</tr>
<tr>
<td>» exp</td>
<td>integer(int32)</td>
<td>true</td>
<td>none</td>
<td>The time at which the request expires expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC</td>
</tr>
<tr>
<td>» jti</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Unique identifier for the JWT, used to prevent replay of the token</td>
</tr>
<tr>
<td>» aud</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>&#39;Contains the DH issuer value as described in the <a href="https://consumerdatastandardsaustralia.github.io/standards/#end-points">OIDC Discovery Document</a>&#39;&#39;</td>
</tr>
</tbody></table>

<p><em>and</em></p>

<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td><em>anonymous</em></td>
<td><a href="#schemaregistrationproperties">RegistrationProperties</a></td>
<td>false</td>
<td>none</td>
<td>none</td>
</tr>
</tbody></table>

<h2 id="tocSregistrationerror">RegistrationError</h2>

<p><a id="schemaregistrationerror"></a></p>
<pre class="highlight json tab-json"><code><span class="p">{</span><span class="w">
  </span><span class="s2">"error"</span><span class="p">:</span><span class="w"> </span><span class="s2">"invalid_redirect_uri"</span><span class="p">,</span><span class="w">
  </span><span class="s2">"error_description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w">
</span><span class="p">}</span><span class="w">

</span></code></pre><h3 id='properties-3'>Properties</h3>
<table><thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Required</th>
<th>Restrictions</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td>error</td>
<td>string</td>
<td>true</td>
<td>none</td>
<td>Predefined error code as described in <a href="https://openid.net/specs/openid-connect-registration-1_0.html">section 3.3 OIDC Dynamic Client Registration</a>  </br><code>invalid_redirect_uri</code> - The value of one or more redirection URIs is invalid. </br><code>invalid_client_metadata</code> - The value of one of the client metadata fields is invalid and the server has rejected this request. This error value is also used when attempts at duplicate registrations for the same software_id are rejected </br><code>invalid_software_statement</code> - The software statement presented is invalid. </br><code>unapproved_software_statement</code> - The software statement presented is not approved for use by this authorization server.</td>
</tr>
<tr>
<td>error_description</td>
<td>string</td>
<td>false</td>
<td>none</td>
<td>Additional text description of the error for debugging.</td>
</tr>
</tbody></table>
<h4 id='enumerated-values-2'>Enumerated Values</h4>
<table><thead>
<tr>
<th>Property</th>
<th>Value</th>
</tr>
</thead><tbody>
<tr>
<td>error</td>
<td>invalid_redirect_uri</td>
</tr>
<tr>
<td>error</td>
<td>invalid_client_metadata</td>
</tr>
<tr>
<td>error</td>
<td>invalid_software_statement</td>
</tr>
<tr>
<td>error</td>
<td>unapproved_software_statement</td>
</tr>
</tbody></table>
<h1 id='change-log'>Change Log</h1>
<p>Documentation versioning will follow the following conventions</p>

<table><thead>
<tr>
<th>x.y.z</th>
<th></th>
<th></th>
</tr>
</thead><tbody>
<tr>
<td><strong>x</strong></td>
<td>major version</td>
<td>major formal release</td>
</tr>
<tr>
<td><strong>y</strong></td>
<td>minor version</td>
<td>minor formal release including design changes impacting build to participants</td>
</tr>
<tr>
<td><strong>z</strong></td>
<td>point version</td>
<td>documentation improvements and clarification</td>
</tr>
</tbody></table>

<p></br></br>The following table lists the changes made in reverse date order (most recent change is at the top)</p>

<table><thead>
<tr>
<th>Date</th>
<th>Register API Ver</th>
<th>Description</th>
<th>Detail Of Change</th>
</tr>
</thead><tbody>
<tr>
<td>25/05/2021</td>
<td>1.5.0</td>
<td>Maintenance updates</td>
<td>See <a href="includes/releasenotes/releasenotes.1.5.0.html">release notes</a> for detail</td>
</tr>
<tr>
<td>22/04/2021</td>
<td>1.4.0</td>
<td>Maintenance updates</td>
<td>See <a href="includes/releasenotes/releasenotes.1.4.0.html">release notes</a> for detail</td>
</tr>
<tr>
<td>25/01/2021</td>
<td>1.3.0</td>
<td>Maintenance updates</td>
<td>See <a href="includes/releasenotes/releasenotes.1.3.0.html">release notes</a> for detail</td>
</tr>
<tr>
<td>13/10/2020</td>
<td>1.2.3</td>
<td>Maintenance updates</td>
<td>See <a href="includes/releasenotes/releasenotes.1.2.3.html">release notes</a> for detail</td>
</tr>
<tr>
<td>06/08/2020</td>
<td>1.2.2</td>
<td>Maintenance updates</td>
<td>See <a href="includes/releasenotes/releasenotes.1.2.2.html">release notes</a> for detail</td>
</tr>
<tr>
<td>02/07/2020</td>
<td>1.2.1</td>
<td>Maintenance updates</td>
<td>See <a href="includes/releasenotes/releasenotes.1.2.1.html">release notes</a> for detail</td>
</tr>
<tr>
<td>01/07/2020</td>
<td>1.2.0</td>
<td>Maintenance updates</td>
<td>See <a href="includes/releasenotes/releasenotes.1.2.0.html">release notes</a> for detail</td>
</tr>
<tr>
<td>29/06/2020</td>
<td>1.1.2</td>
<td>Maintenance updates</td>
<td>See <a href="includes/releasenotes/releasenotes.1.1.2.html">release notes</a> for detail</td>
</tr>
<tr>
<td>20/04/2020</td>
<td>1.1.1</td>
<td>Maintenance updates</td>
<td>See <a href="includes/releasenotes/releasenotes.1.1.1.html">release notes</a> for detail</td>
</tr>
<tr>
<td>03/02/2020</td>
<td>1.1.0</td>
<td>Maintenance updates</td>
<td>See <a href="includes/releasenotes/releasenotes.1.1.0.html">release notes</a> for detail</td>
</tr>
<tr>
<td>10/12/2019</td>
<td>1.0.5</td>
<td>Updated Security Profile</td>
<td>Added Register Endpoint section detailing Register access token retrieval</br>Updated overview to clarify security profile requirements</td>
</tr>
<tr>
<td>10/12/2019</td>
<td>1.0.5</td>
<td>Updated Client Registration</td>
<td>Added modifiable column to the SSA definition to explicitly outline what can be changed</td>
</tr>
<tr>
<td>25/11/2019</td>
<td>1.0.4</td>
<td>Participant Statuses</td>
<td>Updated status sequence diagrams to explicitly model the status checks required</br>Updated the associated status change descriptions to refer to the Data Holder Responsibilities matrix</td>
</tr>
<tr>
<td>25/11/2019</td>
<td>1.0.4</td>
<td>Register APIs</td>
<td>Added use case descriptions to each API to explicitly outline their intent</td>
</tr>
<tr>
<td>25/11/2019</td>
<td>1.0.4</td>
<td>CDR Register</td>
<td>Updated ecosystem so that CDR Register exposes InfoSec APIs to facilitate OIDC</br>Updated API requirements to include Data Recipient information discovery</td>
</tr>
<tr>
<td>25/11/2019</td>
<td>1.0.4</td>
<td>Security Profile</td>
<td>Updated client authentication identifier references to include the DH to ADR revocation API and specify where the identifiers are issued from</br>Updated Client Certificates, corrected Accredited Data Recipients certificates to be used for consuming the Register and DH APIs</td>
</tr>
<tr>
<td>25/11/2019</td>
<td>1.0.4</td>
<td>Client Registration</td>
<td>Updated references to the <strong>RFC7591</strong> standards and added further detail to the provided examples</td>
</tr>
<tr>
<td>20/11/2019</td>
<td>1.0.3</td>
<td>Updated DCR Swagger</td>
<td>Added descriptions to error codes to explicitly detail how duplicate registration requests are handled</td>
</tr>
<tr>
<td>20/11/2019</td>
<td>1.0.3</td>
<td>Client Registration</td>
<td>Updated Registration Request using JWT adding support for the <code>client_credentials</code> grant type</br>Explicitly detailed that Data Holders must validate scope for DCR management requests</br>Updated examples to outline that the <code>cdr:registration</code> scope is required</td>
</tr>
<tr>
<td>20/11/2019</td>
<td>1.0.3</td>
<td>Participant Statuses</td>
<td>Updated sequence diagrams to explicitly call out the status APIs being called to populate the metadata cache</br>Updated Status Mapping to clarify that cascading statuses do not cascade to active</td>
</tr>
<tr>
<td>07/11/2019</td>
<td>1.0.2</td>
<td>Updated Security Profile</td>
<td>Cleaned up out of date statements in client authentication</td>
</tr>
<tr>
<td>07/11/2019</td>
<td>1.0.2</td>
<td>Updated Participant Statuses</td>
<td>Added Consent Expires column to status mapping to explicitly detail when consent should be cleaned up</td>
</tr>
<tr>
<td>07/11/2019</td>
<td>1.0.2</td>
<td>Updated Register API</td>
<td>Added tables to add clarification as to who is consuming the APIs, authentication requirements and transport security</td>
</tr>
<tr>
<td>06/11/2019</td>
<td>1.0.1</td>
<td>Updated Availability</td>
<td>Added clarification on what is expected to change during outages</td>
</tr>
<tr>
<td>06/11/2019</td>
<td>1.0.1</td>
<td>Updated Participant Statuses</td>
<td>Added Registration cleanup expectations on Software Product status change</td>
</tr>
<tr>
<td>31/10/2019</td>
<td>1.0.0</td>
<td>Baseline version 1</td>
<td>This release is the baseline release of the CDR Register design, aligned to the CDS V1.0 release, intended for implementation February 2020</td>
</tr>
<tr>
<td>30/10/2019</td>
<td>0.8.0</td>
<td>Updated Client Registration</td>
<td>Reverted back <strong>Registration flows</strong> sequence diagrams to no longer include status checks for the <code>software_id</code>, instead relying on the CDR Register controls</br>Added non-normative examples for maintenance flows and error scenarios</br>SSAs will only be issued for <strong>active</strong> software products</br>Added <strong>Registration Validation</strong> section</td>
</tr>
<tr>
<td>30/10/2019</td>
<td>0.8.0</td>
<td>Added DCR APIs</td>
<td>Added <strong>DCR Swagger</strong> definitions for Data Holders</td>
</tr>
<tr>
<td>24/10/2019</td>
<td>0.8.0</td>
<td>Updated Client Registration</td>
<td>Added SSA example with associated JWKS and decoded payload</td>
</tr>
<tr>
<td>24/10/2019</td>
<td>0.8.0</td>
<td>Updated Register APIs</td>
<td>Added <code>industry</code> parameter on all routes so the associated industry doesn&#39;t need to be inferred</br>Renamed <code>sector</code> to <code>industry</code> to be consistent to the CDS</br>Removed pagination from GetDataRecipients as this is intended to be called infrequently and cached to CDN</td>
</tr>
<tr>
<td>23/10/2019</td>
<td>0.7.0</td>
<td>Updated Client Registration</td>
<td>Updated <strong>Registration flows</strong> sequence diagrams to include a check for Software status</td>
</tr>
<tr>
<td>23/10/2019</td>
<td>0.7.0</td>
<td>Updated Participant Statuses</td>
<td>Added <strong>Facilitate Consent Withdrawal</strong> sequence diagram and updated <strong>Request for Data Sharing</strong> sequence diagram</td>
</tr>
<tr>
<td>23/10/2019</td>
<td>0.7.0</td>
<td>Updated Register APIs</td>
<td>Added <strong>GetDataRecipientsStatus</strong> and <strong>GetDataRecipients</strong> API definitions</td>
</tr>
<tr>
<td>16/10/2019</td>
<td>0.6.0</td>
<td>Updated Client Registration</td>
<td>Added <code>client credentials</code> POST token example</td>
</tr>
<tr>
<td>11/10/2019</td>
<td>0.6.0</td>
<td>Updated Client Registration</td>
<td>Corrected grant type <code>urn:ietf:params:oauth:grant-type:jwt-bearer</code> in the example</br>Corrected <code>grant_types</code> and <code>response_types</code> from string to array of strings</td>
</tr>
<tr>
<td>26/09/2019</td>
<td>0.6.0</td>
<td>Updated Client Registration</td>
<td>Removed <code>iss_tos_uri</code> as feedback from the community indicated that there is no known use case for this field</br>Added response details and associated example</br>Added clarification on Data Holder Authorisation Server requirements</td>
</tr>
<tr>
<td>25/09/2019</td>
<td>0.6.0</td>
<td>Updated Client Registration</td>
<td>Added sequence diagrams to add clarification to the process</td>
</tr>
<tr>
<td>23/09/2019</td>
<td>0.6.0</td>
<td>Updated Client Registration</td>
<td>Changed signing algorithm to <code>PS256</code></br>Added clarification for client authentication model for Registration endpoints</br>Added <code>register</code> as the registration URI base path</br>Changed SSA API lifetime to <strong>10 minutes</strong> to ensure sufficient time for batch calls to all relevant Data Holders</td>
</tr>
<tr>
<td>23/09/2019</td>
<td>0.6.0</td>
<td>Updated Overview</td>
<td>Updated participant statuses to reflect updates to the entity model to accommodate brands</td>
</tr>
<tr>
<td>23/09/2019</td>
<td>0.6.0</td>
<td>Updated Overview</td>
<td>Updated component diagram to reflect changes for dynamic client registration</td>
</tr>
<tr>
<td>23/09/2019</td>
<td>0.6.0</td>
<td>Updated Register APIs</td>
<td>Ensured all paths follow kebab-case. </br>Moved <code>authDetail</code> object out of the endpoint definition. The <code>authDetail</code> object outlines how the Data Holder will call the consent revocation API and therefore, shouldn&#39;t be coupled to the endpoint definition</td>
</tr>
<tr>
<td>19/09/2019</td>
<td>0.5.0</td>
<td>Updated Client Registration</td>
<td>Updated Register Delete endpoint to be optional</td>
</tr>
<tr>
<td>19/09/2019</td>
<td>0.5.0</td>
<td>Updated Register APIs</td>
<td>Updated Register APIs to reflect discovery of data holder brands and facilitate Dynamic Registration</td>
</tr>
<tr>
<td>15/09/2019</td>
<td>0.5.0</td>
<td>Updated Client Registration</td>
<td>Updated Client Registration section to detail Dynamic Registration, to reflect updates from <strong><a href="https://github.com/cdr-register/register/issues/23">GitHub Issue 23</a></strong></td>
</tr>
<tr>
<td>15/09/2019</td>
<td>0.5.0</td>
<td>Updated Security Profile</td>
<td>Updated Certificate Management section to reflect updates from <strong><a href="https://github.com/cdr-register/register/issues/22">GitHub Issue 22</a></strong></td>
</tr>
<tr>
<td>14/08/2019</td>
<td>0.4.0</td>
<td>Updated Swagger Definition</td>
<td>Updated JWK schema to conform to <strong><a href="https://tools.ietf.org/html/rfc7517">RFC 7517</a></strong><br>Added redirectUri to whitelist per product</td>
</tr>
<tr>
<td>06/08/2019</td>
<td>0.3.0</td>
<td>Addition of Security Profile</td>
<td>This section outlines all the security requirements for interacting with the CDR Register</td>
</tr>
<tr>
<td>31/07/2019</td>
<td>0.3.0</td>
<td>Updated Swagger definition</td>
<td>Removed TermsOfServiceUri, PolicyUri &amp; SupportUri</td>
</tr>
<tr>
<td>29/07/2019</td>
<td>0.2.0</td>
<td>Update to Participant Statuses</td>
<td>Simplified the validity of Data Recipient Checks to only use Certificate Status and Software Product Status</td>
</tr>
<tr>
<td>29/07/2019</td>
<td>0.2.0</td>
<td>Addition of Endpoints</td>
<td>Grouped Endpoints and Certificate Management, outlining participant requirements to group and secure endpoints</td>
</tr>
<tr>
<td>29/07/2019</td>
<td>0.2.0</td>
<td>Updated Swagger definition</td>
<td>Updates include updates to endpoint sets and removing of suspension dates</td>
</tr>
<tr>
<td>23/07/2019</td>
<td>0.1.0</td>
<td>Addition of Versioning</td>
<td>Outline of Versioning strategy noting that industry collaboration is required for deprecation strategy</td>
</tr>
<tr>
<td>23/07/2019</td>
<td>0.1.0</td>
<td>Addition of Participant Statuses</td>
<td>Outline of Participant Statuses and expectations on participants within the ecosystem</td>
</tr>
<tr>
<td>23/07/2019</td>
<td>0.1.0</td>
<td>Update to Consumer Data Right Register Section</td>
<td>Updated component diagram to reflect software product relationship for Data Recipients</td>
</tr>
<tr>
<td>09/07/2019</td>
<td>0.1.0</td>
<td>Update to Consumer Data Right Register Section</td>
<td>Updated component diagram to reflect Identity Provider requirements for Data Recipients</td>
</tr>
<tr>
<td>08/07/2019</td>
<td>0.1.0</td>
<td>Update to Consumer Data Right Register Section</td>
<td>Provided ecosystem component diagram with responsibilities of each participant</td>
</tr>
<tr>
<td>08/07/2019</td>
<td>0.1.0</td>
<td>Addition of Certificate Management Section</td>
<td>Outline of Participant Certificate Issuance and Management expectations</td>
</tr>
<tr>
<td>03/07/2019</td>
<td>0.1.0</td>
<td>Addition of Availability Section</td>
<td>Outline of Participant Availability expectations</td>
</tr>
<tr>
<td>30/06/2019</td>
<td>0.1.0</td>
<td>Addition of Client Registration Section</td>
<td>Outline of Client Registration Process</td>
</tr>
<tr>
<td>30/06/2019</td>
<td>0.1.0</td>
<td>Addition of change log</td>
<td>This change log was added to the standards documentation</td>
</tr>
</tbody></table>
<h1 id='archives'>Archives</h1>
<p>The following table lists archived versions of the CDR Register Design.  These are older versions of the design that are available for reference only.</p>

<table><thead>
<tr>
<th>Releases Date</th>
<th>Version</th>
<th>Description</th>
</tr>
</thead><tbody>
<tr>
<td><a href="./archives/cdr-design-1.4.0/">22/04/2021</a></td>
<td>1.4.0</td>
<td><a href="./archives/cdr-design-1.4.0/">Maintenance Updates</a></td>
</tr>
<tr>
<td><a href="./archives/cdr-design-1.3.0/">25/01/2021</a></td>
<td>1.3.0</td>
<td><a href="./archives/cdr-design-1.3.0/">Maintenance Updates</a></td>
</tr>
<tr>
<td><a href="./archives/cdr-design-1.2.3/">13/10/2020</a></td>
<td>1.2.3</td>
<td><a href="./archives/cdr-design-1.2.3/">Maintenance Updates</a></td>
</tr>
<tr>
<td><a href="./archives/cdr-design-1.1.2/">29/06/2019</a></td>
<td>1.1.2</td>
<td><a href="./archives/cdr-design-1.1.2/">Maintenance Updates</a></td>
</tr>
<tr>
<td><a href="./archives/cdr-design-1.0.5/">10/12/2019</a></td>
<td>1.0.5</td>
<td><a href="./archives/cdr-design-1.0.5/">Updates to client registration &amp; security profile</a></td>
</tr>
<tr>
<td><a href="./archives/cdr-design-1.0.0/">31/10/2019</a></td>
<td>1.0.0</td>
<td><a href="./archives/cdr-design-1.0.0/">Baseline version 1</a></td>
</tr>
</tbody></table>

      </div>
      <div class="dark-box">
          <div class="lang-selector">
                <a href="#" data-language-name="Examples">Examples</a>
          </div>
      </div>
    </div>
  </body>
</html>